Edit report at http://bugs.php.net/bug.php?id=54465&edit=1
ID: 54465
Comment by: wwwound at gmail dot com
Reported by: wwwound at gmail dot com
Summary: PHP crashes when passing large object to string
functions
Status: Open
Type: Bug
Package: Reproducible crash
Operating System: CentOs
PHP Version: 5.3.6
Block user comment: N
Private report: N
New Comment:
May be... But if we passing strval($foo) instead of $foo, it works fine
and
recursion doesnt currupt heap or violate memory access
Previous Comments:
------------------------------------------------------------------------
[2011-04-05 09:21:29] [email protected]
Isn't this just smashing the stack with a recursion 15603 levels deep?
------------------------------------------------------------------------
[2011-04-04 16:04:07] wwwound at gmail dot com
Description:
------------
PHP crashes when passing large object ( with __toString() method ) to
string functions (like substr(), urlencode() etc.)
Test script:
---------------
<?php
class Foo
{
protected $obj;
function rec($i = 0, $obj)
{
$this -> obj = $obj;
// >5603 - segmentation fault or zend_mm_heap corrupted
// With some values can work as expected
if ( $i < 15604) {
$this -> rec(++$i, $this);
}
}
function __toString()
{
$this -> rec(0, $this);
return "Hello, world!";
}
}
$foo = new Foo();
substr($foo, 0, 5);
// This is ok
//echo "\nHello!\n";
// But if we begin using variables "zend_mm_heap corrupted" or
"Segmentation Fault"
$a = "aaaaa\n";
echo $a;
?>
Expected result:
----------------
Expecting correct appication exit
Actual result:
--------------
"Segmentation Fault" or "zend_mm_heap corrupted" errors
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54465&edit=1
