|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2016-11-25 21:35 UTC] stas@php.net
-Type: Security
+Type: Bug
-Package: Reproducible crash
+Package: Scripting Engine problem
[2016-11-25 21:35 UTC] stas@php.net
[2017-01-02 12:26 UTC] nikic@php.net
-Status: Open
+Status: Duplicate
[2017-01-02 12:26 UTC] nikic@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 03 21:01:29 2025 UTC |
Description: ------------ According to 3v4l.org, this script crashes 5.6.0-5.6.28 and 7.0.0-7.1.0RC6. Test script: --------------- <?php class Node{private$n0;public function setNe0t($node=0){$this->n0=$node;return$this;}}class Lin0edList{private$d;public function addNode(){$this->head=(new Node)->setNe0t($this->head);}}$ll=new Lin0edList;for(;$i<100000;$i++){$ll->addNode();} Actual result: -------------- Program received signal SIGSEGV, Segmentation fault. 0x00000000019ae6a0 in zend_objects_destroy_object (object=0x7ffff0d83120, handle=88868) at /root/php-5.6.28/Zend/zend_objects.c:62 62 { (gdb) list 57 efree(object->properties_table); 58 } 59 } 60 61 ZEND_API void zend_objects_destroy_object(zend_object *object, zend_object_handle handle TSRMLS_DC) 62 { 63 zend_function *destructor = object ? object->ce->destructor : NULL; 64 65 if (destructor) { 66 zval *old_exception; (gdb) bt #0 0x00000000019ae6a0 in zend_objects_destroy_object (object=0x7ffff0d83120, handle=88868) at /root/php-5.6.28/Zend/zend_objects.c:62 #1 0x00000000019ae630 in .AFL_VARS () #2 0x00007ffff1606128 in ?? () #3 0x0000000000000000 in ?? ()