php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48562 Reference recursion causes segfault when used in wddx_serialize_vars()
Submitted: 2009-06-15 19:24 UTC Modified: 2009-06-16 03:19 UTC
From: felipe@php.net Assigned: felipe
Status: Closed Package: WDDX related
PHP Version: 5.*, 6 OS: Linux
Private report: No CVE-ID:
 [2009-06-15 19:24 UTC] felipe@php.net
Description:
------------
See below.

Reproduce code:
---------------
$a[] = new stdclass; $a[] = &$a; wddx_serialize_vars($a);

Expected result:
----------------
No SIGSEGV.

Actual result:
--------------
#0  0xb7482e60 in pthread_getspecific () from /lib/i686/cmov/libpthread.so.0
#1  0x08553158 in ts_resource_ex (id=0, th_id=0x0) at /home/felipe/dev/php5/TSRM/TSRM.c:329
#2  0x08524f9b in php_wddx_add_var (packet=0xa383c84, name_var=0xa382b94) at /home/felipe/dev/php5/ext/wddx/wddx.c:696
#3  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#4  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#5  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#6  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#7  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#8  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#9  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
...

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-06-16 03:19 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.
 [2012-06-11 15:05 UTC] ab@php.net
Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a18cede1c5094d5255daeb99cd6debe09938399d
Log: Fix bug #62271 test bug - ext/wddx/tests/bug48562.phpt
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 20:01:57 2014 UTC