|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72107 Infinite Recursion in Array Structure
Submitted: 2016-04-26 14:43 UTC Modified: 2021-05-31 15:33 UTC
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: php at abiusx dot com Assigned:
Status: Verified Package: Arrays related
PHP Version: 7.0.5 OS: OS X
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-04-26 14:43 UTC] php at abiusx dot com
By creating an array structure in the following format:


Any PHP-only attempt at discovering this recursion will fail. Also, structures like RecursiveIterators will loop infinitely, unserialize(serialize($a)) also drops out the val part.

Generally PHP behaves very weird and unexpectedly. I have not traced this in the Zend engine to see what is causing it, but my hypothesis is that accessing $a['val'] is creating a new copy of it every time (and my PHP-side tests confirm this).

Test script:
var_dump($a); //normal, as expected

var_dump(unserialize(serialize($a))); //half-arsed

foreach (new RecursiveIteratorIterator(new RecursiveArrayIterator($a)) as $k=>$v)
	echo $k,"=>",@$v,PHP_EOL; //infinite loop

Expected result:
At least RecursiveIterators should be able to distinguish this behavior, if serialize can not handle it. Or PHP internals should be changed in a way that this does not happen.
Or these examples be marked as dangerous because they can possibly break applications.

Actual result:
Infinite Loop


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2021-05-31 15:33 UTC]
-Status: Open +Status: Verified
 [2021-05-31 15:33 UTC]
Indeed, (un)serialization doesn't look quite right[1], and the
loop hangs for me (PHP-7.4).

[1] <>
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Apr 13 13:01:30 2024 UTC