PHP :: Bug #75237 :: jsonSerialize() - Returning new instance of self causes segfault

Bug #75237	jsonSerialize() - Returning new instance of self causes segfault
Submitted:	2017-09-20 21:39 UTC	Modified:	2017-10-05 10:48 UTC
From:	sammyk@php.net	Assigned:
Status:	Duplicate	Package:	JSON related
PHP Version:	Irrelevant	OS:	macOS 10.12.6
Private report:	No	CVE-ID:	None

View Developer Edit

[2017-09-20 21:39 UTC] sammyk@php.net

Description:
------------
You can easily create a segfault in jsonSerialize() by returning a new instance of self. You can see this affects all actively supported versions of PHP here: https://3v4l.org/tLMv6

I'm working on a patch and will be submitting it as a PR soon. :)

Test script:
---------------
<?php

class Foo implements JsonSerializable {
  public function jsonSerialize() {
    return new self;
  }
}

var_dump(json_encode(new Foo));


Expected result:
----------------
We'd should see a fatal error raised on an exception thrown.

Actual result:
--------------
Segmentation fault. Doh!

Patches

Pull Requests

Pull requests:

Fix bug #75237 (jsonSerialize() - Returning new instance of self causes segfault) (php-src/2763)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-10-05 10:48 UTC] nikic@php.net

-Status: Open +Status: Duplicate

[2017-10-05 10:48 UTC] nikic@php.net

This is a standard infinite recursion stack overflow -- I'm marking it as a duplicate of #64196, which is about __clone(), but the same general issue.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Apr 02 00:01:32 2025 UTC