Bug #46754 Infinite recursion in __toString method causes crash
Submitted: 2008-12-05 02:52 UTC Modified: 2012-03-14 17:21 UTC
From: kalle@php.net Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.2.6 OS: *
Private report: No CVE-ID: None
 [2008-12-05 02:52 UTC] kalle@php.net
Description:
------------
Same type of crash as reported in #46156; instead of a crash, a memory_limit error is expected.

Reproduce code:
---------------
<?php
	class Crash
	{
		public function __toString()
		{
			return((string) new self);
		}
	}

	echo new Crash;
?>

Expected result:
----------------
memory_limit error

Actual result:
--------------
Crash

 [2008-12-05 09:31 UTC] derick@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Infinite recursion crashes, and always has. This should work in PHP 5.3 though, as we don't generally use stack for recursion anymore.
 [2012-03-14 16:38 UTC] mail at willdaniels dot co dot uk
Using 5.3.10 infinite recursion in __toString still causes a segmentation fault.

Are you really saying that it's OK to just leave the possibility for arbitrary PHP scripts to cause segfaults, potentially taking down a whole webserver process when using PHP as a shared library?

Maybe a webserver _can_ implement ways to handle such things, but not all do, and infinite recursion in normal class methods dies more gracefully.

IMHO preventable segfaults are just too serious to ignore in something that is _intended_ to be usable as a shared library, so I think this is a valid bug.
 [2012-03-14 17:20 UTC] rasmus@php.net
No, it isn't ok which is why it is fixed in PHP 5.3 which was released 3 years 
ago.
 [2012-03-14 17:21 UTC] rasmus@php.net
Oops, sorry, misread. I was reading the original report. The case reported was 
fixed.
 [2012-03-15 02:22 UTC] mail at willdaniels dot co dot uk
The case reported is the same as my issue and the code posted in the original report still segfaults for me using 5.3.10.

Admittedly I am using a packaged build from the current Ubuntu development branch ("precise" 12.04) and I know that Debian/Ubuntu do plenty of their own patching of the PHP sources, which I have sometimes found to create problems that don't otherwise exist.

So that is why I came straight to the "upstream" bug tracker to see if the issue was known to exist for purer and/or newer builds. But how then to interpret the exact same bug already reported years back and rejected for being "not a bug"? There didn't seem to be any point in pursuing the issue in that case, hence some annoyance in my tone.

But if PHP would indeed be interested to fix it, I'll check using latest, unaltered sources and file a new bug if it's still an issue...
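
A way to run the check the last comment describes, as an added example that is not part of the bug thread: the report's reproduce code runs in a child `php` process, so a crash cannot take down the caller, and the outcome is classified as the reported "Crash" or the expected memory_limit error. Assumptions: a POSIX host, a `php` CLI binary on PATH, and the constructed names `classify` and `run_repro`.

```python
import signal
import subprocess
import sys

# Reproduce code from the original report, in the form `php -r` expects
# (no <?php ?> tags).
REPRO = ("class Crash { public function __toString() "
         "{ return (string) new self; } } echo new Crash;")

# Signals that indicate the interpreter itself died (POSIX assumption).
CRASH_SIGNALS = {int(signal.SIGSEGV), int(signal.SIGBUS), int(signal.SIGABRT)}


def classify(returncode, output):
    """Map a child PHP result to the outcomes discussed in the report."""
    # subprocess reports death by signal N as -N; a shell wrapper reports it
    # as 128 + N. A normal PHP fatal error exits with 255, which maps to no
    # crash signal here.
    sig = -returncode if returncode < 0 else returncode - 128
    if sig in CRASH_SIGNALS:
        return "crash"            # "Actual result" in the report
    if "Allowed memory size" in output:
        return "memory_limit"     # "Expected result" in the report
    return "ok" if returncode == 0 else "other_failure"


def run_repro(php="php", memory_limit="32M", timeout=60):
    """Run the reproduce code in an isolated child process and classify it."""
    cmd = [php,
           "-n",                                  # ignore php.ini and extensions
           "-d", f"memory_limit={memory_limit}",  # keep the expected failure cheap
           "-d", "display_errors=1",
           "-r", REPRO]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              errors="replace", timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify(proc.returncode, proc.stdout + proc.stderr)


if __name__ == "__main__":
    # Optional argument: path to the php binary under test.
    print(run_repro(sys.argv[1] if len(sys.argv) > 1 else "php"))
```

Passing the path of a distribution build and then of a build from unaltered sources gives a direct comparison of the two.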
 
Last updated: Tue Dec 03 16:01:33 2024 UTC