php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65168 segfault when __toString() returns "$this"
Submitted: 2013-06-30 15:54 UTC Modified: 2013-07-03 19:12 UTC
From: oliver at x10 dot pe Assigned:
Status: Not a bug Package: Class/Object related
PHP Version: master-Git-2013-06-30 (Git) OS: Xubuntu 12.10 64bits
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: oliver at x10 dot pe
New email:
PHP Version: OS:

 

 [2013-06-30 15:54 UTC] oliver at x10 dot pe
Description:
------------
Hi,

Casting $this as string inside __toString() magic function makes php crash. It 
seems it ran into an infinite loop. 

Tested on PHP 5.5 and 5.4.11, even 5.3.6

Test script:
---------------
class base {
    function __toString() {
        return "$this";
    }
}
echo new base();

Expected result:
----------------
Exception thrown, or an error message.

Actual result:
--------------
ViolaciĆ³n de segmento (`core' generado)

[Segmentation Fault ('core' dumped)]

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-30 16:44 UTC] laruence@php.net
actually, this is not a "returning" problem,

return "$this" is same as return strval($this), 

so, it's the same as return $this->__toString.

it's a stack overflow segfault
 [2013-06-30 16:46 UTC] laruence@php.net
oh, there was a mistake, that is, after we have stackless user function call

return $this should be same as return call_user_func(array($this, "__toString"));
 [2013-06-30 16:53 UTC] oliver at x10 dot pe
laruence, yep I realized I described wrong the bug in the subject after sending 
it >.<
 [2013-07-03 19:12 UTC] johannes@php.net
-Status: Open +Status: Not a bug
 [2013-07-03 19:12 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Infinite recursion can lead to stackoverflow and segfault.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 13:01:26 2024 UTC