Bug #81373 Segmentation fault
Submitted: 2021-08-19 09:11 UTC Modified: 2021-08-19 11:14 UTC
From: m dot volkov at npo-echelon dot ru Assigned: cmb (profile)
Status: Duplicate Package: Reproducible crash
PHP Version: 8.1Git-2021-08-19 (Git) OS: Debian 10
Private report: No CVE-ID: None


 [2021-08-19 09:11 UTC] m dot volkov at npo-echelon dot ru
Good afternoon. Fuzzing version 8.1 using AFL. At the moment I have found 9 crashes, all of them cause Segmentation Fault. I did not find any reports about them in the bug reports, so I decided to write, maybe this will help make PHP safer. In the example below, I indicated one of the cases.

Test script:
ZE2 __toString() in __destruct

class Test
    function __toString()
        return "Hel       echo $this;

    function __destruct()
        echo $this;

$o = new Test;
$o = NULL;

$o = new Test;


Expected result:

Actual result:
segmentation fault


 [2021-08-19 11:14 UTC]
-Status: Open
+Status: Duplicate
-Type: Security
+Type: Bug
-Assigned To:
+Assigned To: cmb
 [2021-08-19 11:14 UTC]
Simplified reproducer:

    <?php
    class Test
    {
        function __toString()
        {
            // Interpolating $this calls __toString() again: unbounded recursion
            return "$this";
        }
    }

    $o = new Test;
    echo $o;

This causes a stack overflow due to infinite recursion, and is
basically a duplicate of bug #64196.  Note that we do not classify
this as a security issue, because such code is not supposed to ever
run in production.  See also our security classification[1].

[1] <>
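
A triage sketch for the situation in this report (fuzzer crashes that turn out to be stack exhaustion from unbounded recursion), added here as an example and not part of the bug report or of PHP's tooling: it parses a gdb-style backtrace and flags stacks dominated by a repeating frame cycle. The frame names and both sample backtraces are constructed and hypothetical.

```python
import re

# gdb "bt" line: "#12 0x0000555555a1b2c3 in func (args) at file.c:123" (address optional)
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([A-Za-z_]\w*)")

def parse_frames(backtrace):
    """Return function names from a gdb-style backtrace, innermost frame first."""
    matches = (FRAME_RE.match(line.strip()) for line in backtrace.splitlines())
    return [m.group(1) for m in matches if m]

def recursion_cycle(frames, max_period=8, min_repeats=10, max_skip=4):
    """Return the shortest frame cycle repeated >= min_repeats times, else None.

    max_skip tolerates a few innermost frames (allocator, copy routine) that sit
    above the recursing functions at the moment the guard page is hit.
    """
    for skip in range(max_skip + 1):
        for period in range(1, max_period + 1):
            cycle = frames[skip:skip + period]
            if len(cycle) < period:
                break  # stack too short for this period
            repeats, pos = 0, skip
            while frames[pos:pos + period] == cycle:
                repeats += 1
                pos += period
            if repeats >= min_repeats:
                return cycle
    return None

def classify(backtrace):
    """Label a crash so recursion-driven stack exhaustion can be deduplicated."""
    cycle = recursion_cycle(parse_frames(backtrace))
    if cycle:
        return "stack-exhaustion: " + " <- ".join(cycle)
    return "needs-manual-triage"

def _constructed_bt(names):
    # Builds a constructed gdb-like backtrace; addresses and file names are fake.
    return "\n".join(f"#{i}  0x{0x555555600000 + i:016x} in {n} () at file.c:1"
                     for i, n in enumerate(names))

# Constructed samples with hypothetical frame names (not real engine symbols).
CYCLE = ["tostring_handler", "call_user_method", "execute_opcodes"]
SAMPLE_RECURSION = _constructed_bt(["alloc_string"] + CYCLE * 200 + ["main"])
SAMPLE_OTHER = _constructed_bt(["copy_bytes", "parse_header", "handle_request", "main"])

if __name__ == "__main__":
    print(classify(SAMPLE_RECURSION))
    print(classify(SAMPLE_OTHER))
```
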