|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55219 Segmentation fault with Serializable Object on self-reference
Submitted: 2011-07-16 23:46 UTC Modified: 2013-08-30 09:43 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: garic dot suess+php at gmail dot com Assigned:
Status: Wont fix Package: Reproducible crash
PHP Version: 5.3.6 OS: Ubuntu Linux 10.10 x64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: garic dot suess+php at gmail dot com
New email:
PHP Version: OS:


 [2011-07-16 23:46 UTC] garic dot suess+php at gmail dot com
From manual page:

When a Serializable object contains a reference to it self a Segmentation fault 
is caused.

I first encountered this in 5.3.3, then found a binary package for 5.3.5 for my 
distribution. Finally I compiled my own 5.3.6. The segmentation fault persists in 
all three versions.

If the Serializable interface is removed the code works fine. 

Although the fault is reproducible, I found encountered other self-reference 
scenarios where it is not triggered, making this very unpredictable.

Test script:
class Test implements Serializable {
	public $member, $message;
	function __construct($message) {
		$this->message = $message;

	function serialize() {
		return serialize(array($this->message, $this->member));
	function unserialize($serialized) {
		list($this->message, $this->member) = unserialize($serialized); 

$constructed = new Test("original");
$constructed->member = $constructed; //References to self (in this example pointless, but technically legal)
$transported = unserialize(serialize($constructed)); // Segmentation fault.

Expected result:
Clean exit..

Actual result:
object(Test)#1 (2) {
  string(8) "original"
Segmentation fault


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-17 07:48 UTC]
-Status: Open +Status: Verified
 [2011-07-17 07:48 UTC]
I can reproduce it only in 5.3 branch. It's due a stack call overflow.
 [2011-07-17 08:23 UTC]
On 5.4 and trunk works because the r299770 change (Added support for object references in recursive serialize() calls. FR #36424)
 [2011-11-14 14:53 UTC] errebi at gmail dot com
I can reproduce it on PHP 5.2.11, but the result is quite different. (one more 

object(Test)#1 (2) {
  object(Test)#1 (2) {
    string(8) "original"
  string(8) "original"
Segmentation fault

Hope could help
 [2013-08-30 09:43 UTC]
-Status: Verified +Status: Wont fix
 [2013-08-30 09:43 UTC]
Fixed in 5.4.0, see

PHP 5.3 is end of life per March 2013 ( ), so you should upgrade to 5.4. Given that the issue is 2 years old, you might just as well already have. ;)
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun May 26 12:01:29 2024 UTC