php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73390 Segmentation fault on clone sample code spread across multiple current versions
Submitted: 2016-10-26 10:28 UTC Modified: 2017-10-05 11:11 UTC
From: kenterfie at googlemail dot com Assigned:
Status: Duplicate Package: Reproducible crash
PHP Version: 5.x 7.x OS: Linux
Private report: No CVE-ID:
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: kenterfie at googlemail dot com
New email:
PHP Version: OS:

 

 [2016-10-26 10:28 UTC] kenterfie at googlemail dot com
Description:
------------
The following code sample is a 1:1 copy of one of your samples on php.net. It produce an segmentation fault. I was writing on a very similar subject, which also produce an segmentation fault, after some testing i found the page on php.net and also this sample fail. I set the bug type to security because it is spread accross the most current php versions. I have tested 5.6.27 locally, but all other version also affected. Simple test is to use http://phptester.net/ which end in an internal server error.


Test script:
---------------
<?php

class Foo
{
    var $that;

    function __clone()
    {
        $this->that = clone $this->that;
    }

}

$a = new Foo;
$b = new Foo;
$a->that = $b;
$b->that = $a;

$c = clone $a;
echo 'What happened?';
var_dump($c);

Expected result:
----------------
The normally expected result should be a successful created copy of an object.

Actual result:
--------------
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-26 10:29 UTC] kenterfie at googlemail dot com
-PHP Version: Irrelevant +PHP Version: 5.x 7.x
 [2016-10-26 10:29 UTC] kenterfie at googlemail dot com
Added more meaningful version information
 [2016-10-27 01:08 UTC] stas@php.net
-Status: Open +Status: Feedback -Type: Security +Type: Bug
 [2016-10-27 01:08 UTC] stas@php.net
Where on php.net do you have this sample? It's certainly not a correct code, it leads to stack exhaustion via infinite recursion.
 [2016-10-27 01:09 UTC] stas@php.net
-Package: PHP Language Specification +Package: Reproducible crash
 [2016-10-27 02:03 UTC] requinix@php.net
-Status: Feedback +Status: Open
 [2016-10-27 02:03 UTC] requinix@php.net
It's a user comment from 8 years ago on the oop5.cloning page.
http://php.net/manual/en/language.oop5.cloning.php#79886

Obviously not a problem on our end. Do we add an editor's note? Remove the comment entirely?
 [2017-10-05 11:11 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2017-10-05 11:11 UTC] nikic@php.net
Duplicate of #64196 regarding __clone() recursion stack overflow.

Given that the user note specifically wants to demonstrate this issue, I don't think there is anything actionable here.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC