PHP :: Bug #72107 :: Infinite Recursion in Array Structure

Bug #72107

Infinite Recursion in Array Structure

Submitted:

2016-04-26 14:43 UTC

Modified:

2021-05-31 15:33 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

php at abiusx dot com

Assigned:

Status:

Verified

Package:

Arrays related

PHP Version:

7.0.5

OS:

OS X

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	php at abiusx dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2016-04-26 14:43 UTC] php at abiusx dot com

Description:
------------
By creating an array structure in the following format:

$a=[];
$a['ref']=&$a;
$a['val']=$a;

Any PHP-only attempt at discovering this recursion will fail. Also, structures like RecursiveIterators will loop infinitely, unserialize(serialize($a)) also drops out the val part.

Generally PHP behaves very weird and unexpectedly. I have not traced this in the Zend engine to see what is causing it, but my hypothesis is that accessing $a['val'] is creating a new copy of it every time (and my PHP-side tests confirm this).


Test script:
---------------
$a=['ref'=>&$a];
$a['val']=$a;
var_dump($a); //normal, as expected

var_dump(unserialize(serialize($a))); //half-arsed

foreach (new RecursiveIteratorIterator(new RecursiveArrayIterator($a)) as $k=>$v)
	echo $k,"=>",@$v,PHP_EOL; //infinite loop


Expected result:
----------------
At least RecursiveIterators should be able to distinguish this behavior, if serialize can not handle it. Or PHP internals should be changed in a way that this does not happen.
Or these examples be marked as dangerous because they can possibly break applications.

Actual result:
--------------
Infinite Loop

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-05-31 15:33 UTC] cmb@php.net

-Status: Open +Status: Verified

[2021-05-31 15:33 UTC] cmb@php.net

Indeed, (un)serialization doesn't look quite right[1], and the
loop hangs for me (PHP-7.4).

[1] <https://3v4l.org/eqU8f>

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Jul 01 02:01:36 2025 UTC