Bug #81062 Infinite recursion causes a segmentation fault
Submitted: 2021-05-20 20:41 UTC Modified: 2021-05-20 22:16 UTC
From: me at matthewturland dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 8.0.6 OS: Fedora 33
Private report: No CVE-ID: None
 [2021-05-20 20:41 UTC] me at matthewturland dot com
Description:
------------
See the referenced test script URL, which includes an explanation and a reproducible test case.

Test script:
---------------
See https://github.com/elazar/php-segfault.

Expected result:
----------------
PHP should either block or emit an error indicating that memory_limit or max_execution_time was exceeded or something of that nature.

Actual result:
--------------
Segmentation fault (core dumped)

 [2021-05-20 21:26 UTC] requinix@php.net
-Summary: Infinite loop causes a segmentation fault
+Summary: Infinite recursion causes a segmentation fault
-Status: Open
+Status: Not a bug
 [2021-05-20 21:26 UTC] requinix@php.net
PHP will give you memory and/or execution time warnings *if they happen*. If you manage to smash the stack before they happen then you won't get any warnings.
 [2021-05-20 22:00 UTC] wyrihaximus@php.net
Any code that can make PHP segfault is a bug, especially when no special extensions are at play. This specific bug has been in PHP for years, at least early PHP 7 maybe even late PHP 5, it's been a while. And PHP will report the runtime/memory limit error if you give it a bit more memory. Which makes me think it's about to do that but then runs out of memory and segfaults as a result. (Guessing a bit here tbh.)
 [2021-05-20 22:12 UTC] requinix@php.net
Not really, no.

Running the repro script with a very small memory limit will report the OOM error.

Running the repro script with modifications to noop for a bit (such as with an empty for loop) will report on the execution time limit.

What is happening here is that PHP is quite happily running all the code it was told to run and *the kernel* is killing the process because it ran out of stack space.

In development, consider installing Xdebug, which has a feature to restrict the stack depth.
 [2021-05-20 22:16 UTC] nikic@php.net
I usually mark this issue as a duplicate of bug #64196 (infinite recursion with VM reentry).

https://github.com/php/php-src/pull/5135 may address this with a better diagnostic, but I think that is currently blocked on reporting stack traces for fatal errors.
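
Added example, not taken from the bug report, the linked repro or php-src: the stack-depth restriction suggested above for development can also be enforced in application code with a nesting counter, so that runaway recursion ends in a catchable exception. `DepthGuard`, `dependencies()` and the sample graph are hypothetical names constructed for illustration, and the ceiling of 256 is an arbitrary choice.

```php
<?php
// Hypothetical helper, not part of PHP or Xdebug: counts nested calls and
// throws a catchable exception at a fixed ceiling, so runaway recursion is
// stopped in PHP code long before the C stack is exhausted.
final class DepthGuard
{
    private int $depth = 0;
    public function __construct(private int $max = 256) {}

    /** Run $fn one level deeper; the counter is restored even if $fn throws. */
    public function enter(callable $fn): mixed
    {
        if ($this->depth >= $this->max) {
            throw new RuntimeException("nesting limit of {$this->max} reached");
        }
        $this->depth++;
        try {
            return $fn();
        } finally {
            $this->depth--;
        }
    }
}

// Flatten a service's transitive dependencies. The recursion goes through
// array_map(), an internal function calling back into PHP code, so each
// level re-enters the VM and consumes C stack.
function dependencies(string $name, array $graph, DepthGuard $guard): array
{
    return $guard->enter(fn () => array_merge(
        [$name],
        ...array_map(
            fn (string $dep) => dependencies($dep, $graph, $guard),
            $graph[$name] ?? []
        )
    ));
}

// Constructed sample graph: 'cache' and 'store' depend on each other.
$graph = ['app' => ['log'], 'log' => [], 'cache' => ['store'], 'store' => ['cache']];
$guard = new DepthGuard();

foreach (['app', 'cache'] as $root) {
    try {
        echo $root, ': ', implode(', ', dependencies($root, $graph, $guard)), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $root, ': aborted, ', $e->getMessage(), PHP_EOL;
    }
}
```

Because the counter is decremented in `finally`, the same guard instance can be reused after an aborted call.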
Last updated: Fri Dec 02 05:05:54 2022 UTC