Edit report at https://bugs.php.net/bug.php?id=63882&edit=1
ID: 63882 Updated by: a...@php.net Reported by: gynvael at coldwind dot pl Summary: zend_std_compare_objects crash on recursion Status: Open Type: Bug Package: Reproducible crash Operating System: any PHP Version: 5.4.10 Block user comment: N Private report: N New Comment: The stack overflow happens only with default class properties. Non default object properties are stored in the HashTable and it's protected against recursion. The solution I'm suggesting in the patch is simple but could be binary incompatible to the stuff in the outer world. I mean the stuff like pre compiled pecl extensions, as the zend_object size changes. May be that should only go into 5.5 Another solution were quite complex - compare_function could be extended with a recursion count argument, but that would need a lot of places to be touched. Previous Comments: ------------------------------------------------------------------------ [2013-01-02 18:53:25] a...@php.net The following patch has been added/updated: Patch Name: 63882.patch Revision: 1357152805 URL: https://bugs.php.net/patch-display.php?bug=63882&patch=63882.patch&revision=1357152805 ------------------------------------------------------------------------ [2013-01-01 19:27:30] gynvael at coldwind dot pl Description: ------------ The standard PHP object compare handler (zend_std_compare_objects) together with the == operator (compare_function) have no limit on nesting levels nor any anti- recursion protection. The array comparing function in compare_function does have this protection. It would be good to add it to the object standard compare handler as well. Test script: --------------- <?php class Test { public $x = 5; } $testobj1 = new Test; $testobj2 = new Test; $testobj1->x = $testobj1; $testobj2->x = $testobj2; $testobj1 == $testobj2; // Crash (stack exhaustion) Expected result: ---------------- PHP Fatal error: Nesting level too deep - recursive dependency? in test.php on line 9 Actual result: -------------- segmentation fault (core dumped) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=63882&edit=1
