Bug #75237 jsonSerialize() - Returning new instance of self causes segfault
Submitted: 2017-09-20 21:39 UTC
Modified: 2017-10-05 10:48 UTC
From: sammyk@php.net
Assigned:
Status: Duplicate
Package: JSON related
PHP Version: Irrelevant
OS: macOS 10.12.6
Private report: No
CVE-ID: None
 [2017-09-20 21:39 UTC] sammyk@php.net
Description:
------------
You can easily create a segfault in jsonSerialize() by returning a new instance of self. You can see this affects all actively supported versions of PHP here: https://3v4l.org/tLMv6

I'm working on a patch and will be submitting it as a PR soon. :)

Test script:
---------------
<?php

class Foo implements JsonSerializable {
  public function jsonSerialize() {
    return new self;
  }
}

var_dump(json_encode(new Foo));


Expected result:
----------------
We should see a fatal error raised on an exception thrown.

Actual result:
--------------
Segmentation fault. Doh!

History
 [2017-10-05 10:48 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2017-10-05 10:48 UTC] nikic@php.net
This is a standard infinite recursion stack overflow -- I'm marking it as a duplicate of #64196, which is about __clone(), but the same general issue.
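
Added example, not part of the bug report or of php-src: a userland guard that resolves JsonSerializable objects itself, so the reproducer above raises an exception instead of recursing until the stack is exhausted. It assumes PHP 7.3 or later (for JSON_THROW_ON_ERROR); the names json_resolve() and safe_json_encode() and the limits 128 and 32 are assumptions of this example.

```php
<?php
// Added example (hypothetical names and limits), not code from php-src or this report.
function json_resolve($value, int $depth = 0, int $maxDepth = 128, int $maxHops = 32)
{
    if ($depth > $maxDepth) {
        throw new RuntimeException("JSON nesting exceeds $maxDepth levels");
    }
    // Follow jsonSerialize() results in a loop, so "return new self" costs
    // loop iterations instead of C stack frames.
    for ($hops = 0; $value instanceof JsonSerializable; $hops++) {
        if ($hops >= $maxHops) {
            throw new RuntimeException(get_class($value) . "::jsonSerialize() did not settle after $maxHops calls");
        }
        $next = $value->jsonSerialize();
        if ($next === $value) {
            break; // "return $this": fall through and encode public properties
        }
        $value = $next;
    }
    if (is_object($value)) {
        $out = new stdClass;
        foreach (get_object_vars($value) as $name => $item) {
            $out->{$name} = json_resolve($item, $depth + 1, $maxDepth, $maxHops);
        }
        return $out;
    }
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = json_resolve($item, $depth + 1, $maxDepth, $maxHops);
        }
    }
    return $value;
}

function safe_json_encode($value, int $flags = 0): string
{
    return json_encode(json_resolve($value), $flags | JSON_THROW_ON_ERROR);
}

// The reproducer from the report, run through the guard.
class Foo implements JsonSerializable {
    #[\ReturnTypeWillChange]
    public function jsonSerialize() { return new self; }
}
try {
    var_dump(safe_json_encode(new Foo));
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

The hop limit covers a jsonSerialize() that keeps returning fresh objects, and the depth limit covers one that nests a fresh object inside an array or property on every call.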
 
Last updated: Sat Nov 18 13:03:07 2017 UTC