php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72107 Infinite Recursion in Array Structure
Submitted: 2016-04-26 14:43 UTC Modified: -
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: php at abiusx dot com Assigned:
Status: Open Package: Arrays related
PHP Version: 7.0.5 OS: OS X
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-04-26 14:43 UTC] php at abiusx dot com
Description:
------------
By creating an array structure in the following format:

$a=[];
$a['ref']=&$a;
$a['val']=$a;

Any PHP-only attempt at discovering this recursion will fail. Also, structures like RecursiveIterators will loop infinitely, unserialize(serialize($a)) also drops out the val part.

Generally PHP behaves very weird and unexpectedly. I have not traced this in the Zend engine to see what is causing it, but my hypothesis is that accessing $a['val'] is creating a new copy of it every time (and my PHP-side tests confirm this).


Test script:
---------------
$a=['ref'=>&$a];
$a['val']=$a;
var_dump($a); //normal, as expected

var_dump(unserialize(serialize($a))); //half-arsed

foreach (new RecursiveIteratorIterator(new RecursiveArrayIterator($a)) as $k=>$v)
	echo $k,"=>",@$v,PHP_EOL; //infinite loop


Expected result:
----------------
At least RecursiveIterators should be able to distinguish this behavior, if serialize can not handle it. Or PHP internals should be changed in a way that this does not happen.
Or these examples be marked as dangerous because they can possibly break applications.

Actual result:
--------------
Infinite Loop

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Aug 25 19:01:26 2019 UTC