Edit report at https://bugs.php.net/bug.php?id=54348&edit=1
ID: 54348 Updated by: s...@php.net Reported by: decoder-php at own-hero dot net Summary: Crash (Call stack overflow) in ExchangeArray Status: Open -Type: Security +Type: Bug Package: Reproducible crash Operating System: Linux x86-64 PHP Version: 5.3.6 Block user comment: N Private report: Y Previous Comments: ------------------------------------------------------------------------ [2011-03-22 14:02:20] decoder-php at own-hero dot net Description: ------------ Attached testcase crashes on PHP 5.3.6 due to a call stack overflow. Test script: --------------- <?php $ao = new ArrayObject(); $obj = new ArrayObject($ao); $ao->exchangeArray($obj); ?> Actual result: -------------- ==26022== Process terminating with default action of signal 11 (SIGSEGV) ==26022== Access not within mapped region at address 0x7FE801FF8 ==26022== at 0x80F319: zend_object_store_get_object (zend_objects_API.c:269) ==26022== by 0x63E719: spl_array_get_hash_table (spl_array.c:86) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ==26022== by 0x63E72E: spl_array_get_hash_table (spl_array.c:87) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=54348&edit=1
