php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65168 segfault when __toString() returns "$this"
Submitted: 2013-06-30 15:54 UTC Modified: 2013-07-03 19:12 UTC
From: oliver at x10 dot pe Assigned:
Status: Not a bug Package: Class/Object related
PHP Version: master-Git-2013-06-30 (Git) OS: Xubuntu 12.10 64bits
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: oliver at x10 dot pe
New email:
PHP Version: OS:

 

 [2013-06-30 15:54 UTC] oliver at x10 dot pe
Description:
------------
Hi,

Casting $this as string inside __toString() magic function makes php crash. It 
seems it ran into an infinite loop. 

Tested on PHP 5.5 and 5.4.11, even 5.3.6

Test script:
---------------
class base {
    function __toString() {
        return "$this";
    }
}
echo new base();

Expected result:
----------------
Exception thrown, or an error message.

Actual result:
--------------
ViolaciĆ³n de segmento (`core' generado)

[Segmentation Fault ('core' dumped)]

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-30 16:44 UTC] laruence@php.net
actually, this is not a "returning" problem,

return "$this" is same as return strval($this), 

so, it's the same as return $this->__toString.

it's a stack overflow segfault
 [2013-06-30 16:46 UTC] laruence@php.net
oh, there was a mistake, that is, after we have stackless user function call

return $this should be same as return call_user_func(array($this, "__toString"));
 [2013-06-30 16:53 UTC] oliver at x10 dot pe
laruence, yep I realized I described wrong the bug in the subject after sending 
it >.<
 [2013-07-03 19:12 UTC] johannes@php.net
-Status: Open +Status: Not a bug
 [2013-07-03 19:12 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Infinite recursion can lead to stackoverflow and segfault.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Feb 24 17:01:32 2024 UTC