Bug #72107 Infinite Recursion in Array Structure
Submitted: 2016-04-26 14:43 UTC Modified: 2021-05-31 15:33 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: php at abiusx dot com Assigned:
Status: Verified Package: Arrays related
PHP Version: 7.0.5 OS: OS X
Private report: No CVE-ID: None
 [2016-04-26 14:43 UTC] php at abiusx dot com
Description:
------------
By creating an array structure in the following format:

$a=[];
$a['ref']=&$a;
$a['val']=$a;

Any PHP-only attempt at discovering this recursion will fail. Also, structures like RecursiveIterators will loop infinitely, and unserialize(serialize($a)) also drops out the val part.

Generally PHP behaves very weirdly and unexpectedly. I have not traced this in the Zend engine to see what is causing it, but my hypothesis is that accessing $a['val'] is creating a new copy of it every time (and my PHP-side tests confirm this).


Test script:
---------------
$a=['ref'=>&$a];
$a['val']=$a;
var_dump($a); //normal, as expected

var_dump(unserialize(serialize($a))); //half-arsed

foreach (new RecursiveIteratorIterator(new RecursiveArrayIterator($a)) as $k=>$v)
	echo $k,"=>",@$v,PHP_EOL; //infinite loop


Expected result:
----------------
At least RecursiveIterators should be able to distinguish this behavior, if serialize cannot handle it. Or PHP internals should be changed in a way that this does not happen.
Or these examples should be marked as dangerous because they can possibly break applications.

Actual result:
--------------
Infinite Loop

 [2021-05-31 15:33 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2021-05-31 15:33 UTC] cmb@php.net
Indeed, (un)serialization doesn't look quite right[1], and the
loop hangs for me (PHP-7.4).

[1] <https://3v4l.org/eqU8f>
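
For code that has to walk arrays it did not build, such as the structure in this report, one mitigation is to bound the traversal by depth and element count instead of trying to detect the cycle. The following is an added example, not part of the bug report or of PHP itself; `walkBounded()`, `TraversalLimitExceeded` and the limit values are hypothetical names and assumptions.

```php
<?php
// Added example: bounded traversal for arrays that may contain reference cycles.
// walkBounded(), TraversalLimitExceeded and the default limits are illustrative
// assumptions, not PHP built-ins.

final class TraversalLimitExceeded extends RuntimeException {}

/**
 * Call $visit($key, $value, $depth) for every non-array leaf, refusing to
 * descend below $maxDepth or to touch more than $maxNodes elements in total.
 * Returns the number of elements visited.
 */
function walkBounded(array $data, callable $visit, int $maxDepth = 16, int $maxNodes = 10000): int
{
    $nodes = 0;
    $walk = function (array $node, int $depth) use (&$walk, &$nodes, $visit, $maxDepth, $maxNodes) {
        if ($depth > $maxDepth) {
            throw new TraversalLimitExceeded("depth limit $maxDepth exceeded");
        }
        foreach ($node as $key => $value) {
            if (++$nodes > $maxNodes) {
                throw new TraversalLimitExceeded("node budget $maxNodes exceeded");
            }
            if (is_array($value)) {
                $walk($value, $depth + 1);   // nested array: descend one level
            } else {
                $visit($key, $value, $depth);
            }
        }
    };
    $walk($data, 0);
    return $nodes;
}

// The structure from the report: the walk is cut off instead of looping forever.
$a = ['ref' => &$a];
$a['val'] = $a;
try {
    walkBounded($a, function ($k, $v, $d) { echo $k, '=>', $v, PHP_EOL; });
} catch (TraversalLimitExceeded $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Constructed sample of an ordinary nested array: traversal completes normally.
$ok = ['user' => ['name' => 'alice', 'roles' => ['admin', 'dev']]];
echo walkBounded($ok, function ($k, $v, $d) {}), ' elements visited', PHP_EOL;
```

The depth check makes the cyclic case fail after a handful of elements, while the node budget covers wide structures that stay within the depth limit.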
 
Last updated: Tue Mar 19 10:01:30 2024 UTC