php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69792 Stack Overflow in JSON with JsonSerializable
Submitted: 2015-06-10 12:44 UTC Modified: 2017-04-30 15:26 UTC
From: ryat@php.net Assigned:
Status: Wont fix Package: JSON related
PHP Version: 5.4.41 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ryat@php.net
New email:
PHP Version: OS:

 

 [2015-06-10 12:44 UTC] ryat@php.net
Description:
------------
```
static void json_encode_serializable_object(smart_str *buf, zval *val, int options TSRMLS_DC) /* {{{ */
{
	...
	ZVAL_STRING(&fname, "jsonSerialize", 0);

	if (FAILURE == call_user_function_ex(EG(function_table), &val, &fname, &retval, 0, NULL, 1, NULL TSRMLS_CC) || !retval) {
		zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Failed calling %s::jsonSerialize()", ce->name);
		smart_str_appendl(buf, "null", sizeof("null") - 1);
		return;
    }
	...
	if ((Z_TYPE_P(retval) == IS_OBJECT) &&
		(Z_OBJ_HANDLE_P(retval) == Z_OBJ_HANDLE_P(val))) {
		/* Handle the case where jsonSerialize does: return $this; by going straight to encode array */
		json_encode_array(buf, &retval, options TSRMLS_CC);
	} else {
		/* All other types, encode as normal */
		php_json_encode(buf, retval, options TSRMLS_CC);
	}

	zval_ptr_dtor(&retval);
}
/* }}} */

PHP_JSON_API void php_json_encode(smart_str *buf, zval *val, int options TSRMLS_DC) /* {{{ */
{
	switch (Z_TYPE_P(val))
	{
		...
		case IS_OBJECT:
			if (instanceof_function(Z_OBJCE_P(val), php_json_serializable_ce TSRMLS_CC)) {
				json_encode_serializable_object(buf, val, options TSRMLS_CC);
				break;
			}
```

The following code should crash PHP:

```
class JsonTest implements JsonSerializable {
    public function jsonSerialize() {
		return new JsonTest;
//		$obj = new JsonTest;
//		return array($obj);
    }
}

$obj = new JsonTest;
json_encode($obj);
```


Patches

5.6series-patch (last revision 2015-06-10 12:44 UTC by ryat)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-10 13:38 UTC] cmb@php.net
Actually, this is a duplicate of bug #67265. This ticket had been
closed as "not a bug", but there has been some disagreement, so
I'm leaving this ticket open.
 [2017-04-30 15:26 UTC] bukka@php.net
-Status: Open +Status: Wont fix
 [2017-04-30 15:26 UTC] bukka@php.net
The proposed path won't work in PHP 7.1+ as it relies on shared global context that was changed to an independent context because it was causing other issues and it's usage in here is also incorrect as it's not a json depth but function call depth in this context. This is a general problem of recursion that is not specific to json but any recursive function. As such I don't think it should be specially addressed in here.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 07 06:01:29 2024 UTC