stack overflow in json_encode() #15168

Closed
@YuanchengJiang

Description

The following code:

<?php
  
class Node
{
    /** @var Node */
    public $previous;
    /** @var Node */
    public $next;
}
$firstNode = new Node();
$firstNode->previous = $firstNode;
$firstNode->next = $firstNode;
$circularDoublyLinkedList = $firstNode;
for ($i = 0; $i < 200000; $i++) {
    $currentNode = $circularDoublyLinkedList;
    $nextNode = $circularDoublyLinkedList->next;
    $newNode = new Node();
    $newNode->previous = $currentNode;
    $currentNode->next = $newNode;
    $newNode->next = $nextNode;
    $nextNode->previous = $newNode;
    $circularDoublyLinkedList = $nextNode;
}
$random_var=$GLOBALS[array_rand($GLOBALS)];
json_encode($circularDoublyLinkedList);
?>

Resulted in this output:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==785404==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe577a9eb8 (pc 0x7f8c68704379 bp 0x7ffe577aa750 sp 0x7ffe577a9ec0 T0)
    #0 0x7f8c68704378 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:790
    #1 0x564774053b9d in smart_str_appendl_ex /php-src/Zend/zend_smart_str.h:130
    #2 0x564774053f42 in smart_str_appendl /php-src/Zend/zend_smart_str.h:168
    #3 0x56477405967f in php_json_escape_string /php-src/ext/json/json_encoder.c:365
    #4 0x564774055dfc in php_json_encode_array /php-src/ext/json/json_encoder.c:167
    #5 0x56477405d61d in php_json_encode_zval /php-src/ext/json/json_encoder.c:656
    #6 0x564774056115 in php_json_encode_array /php-src/ext/json/json_encoder.c:178
    #7 0x56477405d61d in php_json_encode_zval /php-src/ext/json/json_encoder.c:656
    #8 0x564774056115 in php_json_encode_array /php-src/ext/json/json_encoder.c:178
   ...
    #247 0x56477405d61d in php_json_encode_zval /php-src/ext/json/json_encoder.c:656
    #248 0x564774056115 in php_json_encode_array /php-src/ext/json/json_encoder.c:178

SUMMARY: AddressSanitizer: stack-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:790 in __interceptor_memcpy
==785404==ABORTING

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04
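
The trace above shows php_json_encode_zval and php_json_encode_array calling each other once per nesting level. As an added example (not code from the report or from php-src), an application-side guard that measures nesting with an explicit stack and refuses deep or repeated-object input before json_encode() is called; the function name `assertEncodableDepth`, the limit of 128 and the sample chain are assumptions.

```php
<?php
// Hypothetical guard, added for illustration. It walks the value with a
// heap-allocated stack, so measuring a deep graph uses no native recursion.
function assertEncodableDepth(mixed $root, int $maxDepth = 128): void
{
    $seen  = new SplObjectStorage();  // objects already reached
    $stack = [[$root, 1]];            // pairs of [value, nesting depth]
    while ($stack) {
        [$value, $depth] = array_pop($stack);
        if (is_object($value)) {
            // Conservative: also rejects shared, non-cyclic references.
            if (isset($seen[$value])) {
                throw new InvalidArgumentException('object reached twice (cycle or shared reference)');
            }
            $seen[$value] = true;
            // Called from outside the class, this returns public properties only.
            $children = get_object_vars($value);
        } elseif (is_array($value)) {
            $children = $value;
        } else {
            continue;                 // scalars and null add no nesting
        }
        if ($depth > $maxDepth) {
            throw new LengthException("nesting deeper than $maxDepth levels");
        }
        foreach ($children as $child) {
            $stack[] = [$child, $depth + 1];
        }
    }
}

// Constructed sample: an acyclic chain 1000 objects deep.
$head = new stdClass();
$tail = $head;
for ($i = 0; $i < 1000; $i++) {
    $tail->next = new stdClass();
    $tail = $tail->next;
}

try {
    assertEncodableDepth($head);
    echo json_encode($head), PHP_EOL;
} catch (LengthException | InvalidArgumentException $e) {
    echo 'refused to encode: ', $e->getMessage(), PHP_EOL;
}
```

The guard does not account for objects implementing JsonSerializable, whose encoded shape can differ from their public properties.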
