php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60682 Infinite recursion through call_user_func causes segmentation fault
Submitted: 2012-01-07 15:49 UTC Modified: 2012-01-09 10:47 UTC
Votes:14
Avg. Score:4.0 ± 1.3
Reproduced:9 of 12 (75.0%)
Same Version:7 (77.8%)
Same OS:2 (22.2%)
From: charlie at charliesomerville dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 5.3.8 OS: Irrelevant
Private report: No CVE-ID: None
 [2012-01-07 15:49 UTC] charlie at charliesomerville dot com
Description:
------------
The PHP interpreter crashes when a call_user_func recurses too deep, rather than 
dying with a memory error.

Test script:
---------------
<?php

function f() { call_user_func("f"); }
f();

Expected result:
----------------
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 
523800 bytes) in /Users/charlie/crap/notsegfault.php on line 4

Actual result:
--------------
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-09 04:26 UTC] laruence@php.net
-Status: Open +Status: Bogus
 [2012-01-09 04:26 UTC] laruence@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

reason is stack overflow, not php issues, but fyi, you can install xdebug to 
prevent this.
 [2012-01-09 04:32 UTC] charlie at charliesomerville dot com
I believe a segmentation fault due to a VM stack overflow is *definitely* a bug. 
You'd be hard-pressed to find another managed language where user code that 
recurses too deep actually crashes the VM.

PHP manages to handle stack overflows just fine in other situations anyway:

    function f() { f(); }

    function f() { $a = "f"; $a(); }

Neither of those functions will crash the interpreter when called.
 [2012-01-09 07:53 UTC] laruence@php.net
sure, that is because there is some improvment in zend_execute which make the 
function call no-need to call zend_execute recursivly, 

but call to zend_call_user_function is definitly will be recursivly.

thanks
 [2012-01-09 10:47 UTC] charlie at charliesomerville dot com
> but call to zend_call_user_function is definitly will be recursivly.

So there *is* an issue here, and this bug is definitely not bogus.

Maybe it would be a good idea to set a hard coded or perhaps php.ini configurable recursion 
limit for calls going through zend_call_user_function(), that when exceeded causes a fatal 
error.

I understand that xdebug is a very helpful extension, but this sort of problem should definitely 
be caught by PHP. I didn't have xdebug installed when I found this bug in some code I was 
working on, so I wasted a fair amount of time head scratching trying to figure out why PHP was 
segfaulting before I found the typo that was causing my code to infinitely recurse.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 03:01:29 2024 UTC