Bug #67265 Segmentation fault on json_encode with json_serializable
Submitted: 2014-05-13 14:09 UTC Modified: 2014-05-14 14:44 UTC
From: edu at offerum dot com Assigned:
Status: Not a bug Package: JSON related
PHP Version: 5.5.12 OS: Linux (Ubuntu 14.04)
Private report: No CVE-ID: None
 [2014-05-13 14:09 UTC] edu at offerum dot com
php-cgi segfaults when trying to encode a class which extends json_serializable.
At least this happens when the json_serialize method unsets a variable declared in the class.

Example in:

From manual page:

Test script:
class C implements JsonSerializable {
    var $a = 'lol';
    var $b = 'fa';
    public function jsonSerialize() {
        $aux = clone($this);
        unset($aux->a);
        return $aux;
    }
}
echo json_encode(new C()); //Ka-boom!!

Expected result:
The object json-encoded only with var $b.

Actual result:
Segmentation fault.


 [2014-05-13 15:12 UTC]
Glancing at the backtrace on my local machine, this has to do with the clone call.
 [2014-05-13 15:14 UTC]
Additionally, the code is recursively calling jsonSerialize; you need to return an array.
 [2014-05-13 15:18 UTC]
My $0.02; find some way to protect against recursion and then fail nicely.
 [2014-05-13 15:19 UTC]
-Status: Open +Status: Not a bug
 [2014-05-13 15:19 UTC]
Yep. This is not a bug but infinite recursion.
 [2014-05-13 15:21 UTC] edu at offerum dot com
-Status: Not a bug +Status: Open
 [2014-05-13 15:21 UTC] edu at offerum dot com
Yep, I was wrong thinking it has something to do with deleting object variables.
Indeed, the behaviour can be seen pretty clearly here:

class C implements JsonSerializable {
    public function jsonSerialize() {
        $a = clone($this);
        echo 1;
        return $a;
    }
}
echo json_encode(new C());

 [2014-05-13 15:22 UTC]
-Status: Open +Status: Not a bug
 [2014-05-13 15:22 UTC]
Still, not a bug.
 [2014-05-13 15:29 UTC]
-Status: Not a bug +Status: Open
 [2014-05-13 15:29 UTC]

Generally we do not consider segfaults as acceptable behavior. Instead we need to fail nicely. This *is* a bug.
 [2014-05-13 19:44 UTC]
-Status: Open +Status: Not a bug
 [2014-05-13 19:44 UTC]
While I agree that this isn't nice, we have a bunch of other cases when infinite recursion will result in a segfault (for example, and Mike is right about that we close these kinds of reports as not a bug/won't fix, for example or

We even had a pull request which could have fixed some of those cases ( but it was declined as something we don't need in the core.

If you think it is worth your time, please bring this up on the internals mailing list so maybe we can make a different agreement this time.
 [2014-05-14 14:44 UTC] edu at offerum dot com
Just to clarify, it wasn't my intention to reopen the bug yesterday; it happened that Mike closed the bug while I was writing my comment, so I reopened it without knowing it :)
Once I know why this happens, it's not a problem for me. But initially it wasn't so obvious that returning an instance of the object itself wasn't a good idea. Maybe a warning note in documentation about potential recursivity problems would be a good idea.
Anyway, at least here is this bug so other people can find it if they're facing the same problem.
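
The approach suggested in the comments (return an array instead of an object of the same class), shown as an added example that is not part of the original report or of PHP's own code. Class C and its properties follow the report's test script; Order and encodeOrFail() are hypothetical names used for illustration.

```php
<?php
class C implements JsonSerializable {
    public $a = 'lol';
    public $b = 'fa';

    #[\ReturnTypeWillChange] // read as an attribute on PHP 8+, a plain comment before
    public function jsonSerialize() {
        // get_object_vars() gives a plain array copy of the properties, so
        // json_encode() has no C instance left to call jsonSerialize() on again.
        $data = get_object_vars($this);
        unset($data['a']); // drop the property that must not be exported
        return $data;
    }
}

// Hypothetical container holding a nested JsonSerializable member.
class Order implements JsonSerializable {
    private $id;
    private $secret = 'internal';
    private $item;

    public function __construct($id, C $item) {
        $this->id = $id;
        $this->item = $item;
    }

    #[\ReturnTypeWillChange]
    public function jsonSerialize() {
        // Nested serializable objects are fine: every call hands back an array,
        // so the recursion ends where the object graph ends.
        return array('id' => $this->id, 'item' => $this->item);
    }
}

// Hypothetical helper: turn json_encode()'s false return into an exception.
function encodeOrFail($value) {
    $json = json_encode($value);
    if ($json === false) {
        throw new RuntimeException(json_last_error_msg());
    }
    return $json;
}

echo encodeOrFail(new C()), "\n";
echo encodeOrFail(new Order(7, new C())), "\n";
```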