PHP :: Bug #48562 :: Reference recursion causes segfault when used in wddx_serialize

Bug #48562	Reference recursion causes segfault when used in wddx_serialize_vars()
Submitted:	2009-06-15 19:24 UTC	Modified:	2009-06-16 03:19 UTC
From:	felipe@php.net	Assigned:	felipe (profile)
Status:	Closed	Package:	WDDX related
PHP Version:	5.*, 6	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2009-06-15 19:24 UTC] felipe@php.net

Description:
------------
See below.

Reproduce code:
---------------
$a[] = new stdclass; $a[] = &$a; wddx_serialize_vars($a);

Expected result:
----------------
No SIGSEGV.

Actual result:
--------------
#0  0xb7482e60 in pthread_getspecific () from /lib/i686/cmov/libpthread.so.0
#1  0x08553158 in ts_resource_ex (id=0, th_id=0x0) at /home/felipe/dev/php5/TSRM/TSRM.c:329
#2  0x08524f9b in php_wddx_add_var (packet=0xa383c84, name_var=0xa382b94) at /home/felipe/dev/php5/ext/wddx/wddx.c:696
#3  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#4  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#5  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#6  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#7  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#8  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
#9  0x085250f8 in php_wddx_add_var (packet=0xa383c84, name_var=0xa3833ec) at /home/felipe/dev/php5/ext/wddx/wddx.c:712
...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-16 03:19 UTC] felipe@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.

[2012-06-11 15:05 UTC] ab@php.net

Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a18cede1c5094d5255daeb99cd6debe09938399d
Log: Fix bug #62271 test bug - ext/wddx/tests/bug48562.phpt

[2014-10-07 23:24 UTC] stas@php.net

Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a18cede1c5094d5255daeb99cd6debe09938399d
Log: Fix bug #62271 test bug - ext/wddx/tests/bug48562.phpt

[2014-10-07 23:35 UTC] stas@php.net

Automatic comment on behalf of mattficken
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a18cede1c5094d5255daeb99cd6debe09938399d
Log: Fix bug #62271 test bug - ext/wddx/tests/bug48562.phpt

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 08:00:01 2025 UTC