Edit report at https://bugs.php.net/bug.php?id=63882&edit=1
ID: 63882 Updated by: dmi...@php.net Reported by: gynvael at coldwind dot pl Summary: zend_std_compare_objects crash on recursion Status: Closed Type: Bug Package: Reproducible crash Operating System: any PHP Version: 5.4.10 Assigned To: dmitry Block user comment: N Private report: N New Comment: The fix for this bug has been committed. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2013-01-09 07:34:08] dmi...@php.net Automatic comment on behalf of dmi...@zend.com Revision: http://git.php.net/?p=php-src.git;a=commit;h=f9e8678dd3a41ed8a100d8201153a41d6fd25f2e Log: Fixed bug #63882 (zend_std_compare_objects crash on recursion) ------------------------------------------------------------------------ [2013-01-07 06:15:33] paj...@php.net hi Dmitry, Can you take a look at the patch please? btw, don't we have that already in place in the hash table for that? Wondering if we really need to add that for props as they are stored in the hash table anyway. ------------------------------------------------------------------------ [2013-01-02 19:03:05] a...@php.net The stack overflow happens only with default class properties. Non default object properties are stored in the HashTable and it's protected against recursion. The solution I'm suggesting in the patch is simple but could be binary incompatible to the stuff in the outer world. I mean the stuff like pre compiled pecl extensions, as the zend_object size changes. May be that should only go into 5.5 Another solution were quite complex - compare_function could be extended with a recursion count argument, but that would need a lot of places to be touched. ------------------------------------------------------------------------ [2013-01-02 18:53:25] a...@php.net The following patch has been added/updated: Patch Name: 63882.patch Revision: 1357152805 URL: https://bugs.php.net/patch-display.php?bug=63882&patch=63882.patch&revision=1357152805 ------------------------------------------------------------------------ [2013-01-01 19:27:30] gynvael at coldwind dot pl Description: ------------ The standard PHP object compare handler (zend_std_compare_objects) together with the == operator (compare_function) have no limit on nesting levels nor any anti- recursion protection. The array comparing function in compare_function does have this protection. It would be good to add it to the object standard compare handler as well. Test script: --------------- <?php class Test { public $x = 5; } $testobj1 = new Test; $testobj2 = new Test; $testobj1->x = $testobj1; $testobj2->x = $testobj2; $testobj1 == $testobj2; // Crash (stack exhaustion) Expected result: ---------------- PHP Fatal error: Nesting level too deep - recursive dependency? in test.php on line 9 Actual result: -------------- segmentation fault (core dumped) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=63882&edit=1
