stack-overflow at zend_hash_compare #18572

Just-do-st · 2025-05-16T10:54:17Z

Description

The following code:

<?php

class Node
{
/** @var "\xf7\x17\x public $previous;
    /** @var Node */
public $next;
}

var_dump(gc_enabled());
var_dump('start');

$firstNode = new Node();
$firstNode->previous = $firstNode;
$firstNode->next = $fiQstNode;

$circularDoublyLinkedList = $firstNode;

for ($i = 0; $i < 200000; $i++) {
$currentNode = $circularDoublyLinkedList;
    $nextNode = $circularDoublyLinkedList->next;

$newNode = new Node();

$newNode->previous = $currentNode;
    $currentNode->next = $newNode;
    $newNode->next = $nextNode;
    $nextNoode;

    $circularDoublyLinkedList!= $nextNode;
}
var_dump('end');
?>

Resulted in this output:

Deprecated: Creation of dynamic property Node::$previous is deprecated in /out/out-php/clien2/crashes/id:000000,sig:11,src:022560,time:354712457,execs:8340613,op:havoc,rep:2 on line 25
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2895680==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7feff8 (pc 0x55555ba7c6bf bp 0x7fffff7ff0e0 sp 0x7fffff7ff000 T0)
    #0 0x55555ba7c6be in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x65286be)
    #1 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #2 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #3 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #4 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #5 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #6 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #7 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #8 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #9 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #10 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #11 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #12 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #13 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #14 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #15 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #16 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #17 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #18 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #19 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #20 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #21 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #22 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #23 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #24 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #25 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #26 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #27 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #28 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #29 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #30 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #31 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #32 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #33 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #34 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #35 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #36 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #37 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #38 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #39 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #40 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #41 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #42 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #43 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #44 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #45 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #46 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #47 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #48 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #49 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #50 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #51 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #52 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #53 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #54 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #55 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #56 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #57 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #58 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #59 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #60 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #61 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #62 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #63 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #64 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #65 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #66 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #67 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #68 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #69 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #70 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #71 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #72 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #73 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #74 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #75 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #76 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #77 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #78 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #79 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #80 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #81 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #82 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #83 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #84 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #85 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #86 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #87 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #88 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #89 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #90 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #91 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #92 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #93 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #94 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #95 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #96 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #97 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #98 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #99 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #100 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #101 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #102 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #103 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #104 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #105 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #106 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #107 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #108 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #109 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #110 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #111 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #112 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #113 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #114 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #115 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #116 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #117 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #118 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #119 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #120 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #121 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #122 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #123 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #124 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #125 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #126 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #127 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #128 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #129 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #130 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #131 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #132 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #133 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #134 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #135 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #136 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #137 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #138 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #139 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #140 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #141 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #142 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #143 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #144 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #145 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #146 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #147 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #148 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #149 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #150 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #151 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #152 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #153 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #154 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #155 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #156 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #157 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #158 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #159 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #160 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #161 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #162 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #163 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #164 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #165 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #166 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #167 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #168 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #169 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #170 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #171 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #172 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #173 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #174 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #175 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #176 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #177 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #178 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #179 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #180 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #181 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #182 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #183 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #184 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #185 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #186 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #187 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #188 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #189 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #190 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #191 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #192 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #193 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #194 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #195 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #196 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #197 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #198 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #199 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #200 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #201 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #202 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #203 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #204 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #205 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #206 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #207 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #208 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #209 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #210 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #211 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #212 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #213 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #214 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #215 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #216 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #217 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #218 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #219 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #220 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #221 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #222 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #223 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #224 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #225 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #226 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #227 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #228 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #229 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #230 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #231 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #232 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #233 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #234 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #235 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #236 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #237 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #238 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #239 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #240 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #241 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #242 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #243 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)
    #244 0x55555bca3c5e in hash_zval_compare_function (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc5e)
    #245 0x55555ba7ca6e in zend_hash_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6528a6e)
    #246 0x55555bca3c9a in zend_compare_symbol_tables (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x674fc9a)
    #247 0x55555bc1066d in zend_std_compare_objects (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x66bc66d)
    #248 0x55555bc8be22 in zend_compare (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x6737e22)

SUMMARY: AddressSanitizer: stack-overflow (/crash-replay/php-src-php-8.4.7/sapi/cli/php+0x65286be) in zend_hash_compare
==2895680==ABORTING

PHP Version

latest and php-src-php-8.4.7

/php-src-php-8.4.7/sapi/cli# ./php -v
PHP 8.4.7 (cli) (built: May 16 2025 18:29:47) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.4.7, Copyright (c) Zend Technologies

Operating System

ubuntu 20.04

The text was updated successfully, but these errors were encountered:

devnexen · 2025-05-16T11:10:40Z

@nielsdos (or @arnaud-lb) is it again the infinite stack overflow issue ?

arnaud-lb · 2025-05-16T11:19:13Z

Yes. There is a deep recursion in zend_std_compare_objects when objects are deeply nested. zend_std_compare_objects doesn't enter the VM, so zend.max_allowed_stack_size is not effective.

Updating zend_std_compare_objects or zend_hash_compare to be non-recursive is difficult, but we could add manual checks in zend_std_compare_objects or zend_hash_compare like in

php-src/ext/json/json_encoder.c

Line 129 in 47354a7

if (php_json_check_stack_limit()) {

devnexen · 2025-05-16T12:25:22Z

I tried a bit locally with 8.3 and your suggestion, still occurs ; not sure what is the appropriate ini version would be but I may go back at it later today.

nielsdos · 2025-05-16T16:39:05Z

Right. If the overhead of checking the stack limit in zend_std_compare_objects is low (probably is as it's probably a rare thing to do), then we could add a check indeed which would throw + return ZEND_UNCOMPARABLE.

With nested objects and recursive comparisons, it is for now unavoidable to have a stack overflow we do some early damage control attempt early on with zend.max_allowed_stack_size check but ultimately more a band-aid than a definitive solution.

devnexen · 2025-05-16T21:12:29Z

while looking for a simpler reproducer this case triggers another, possibly known, bug

class Node {
    public $next; 
}

$n = new Node();
$n->next = $n; 
$n->previous = $n;

for ($i = 0; $i < 200000; $i++) {
    $new = new Node();
    $new->next = $n;
    $new->previous = $n;
    $n = $new;
}

...
#71 0x0000555555d9fc6c in i_zval_ptr_dtor (zval_ptr=0x7ffff14f11a8) at /home/dcarlier/Contribs/php-src/Zend/zend_variables.h:44
#72 0x0000555555da01b3 in zend_object_std_dtor (object=0x7ffff14f1180) at /home/dcarlier/Contribs/php-src/Zend/zend_objects.c:77
#73 0x0000555555da82fc in zend_objects_store_del (object=0x7ffff14f1180) at /home/dcarlier/Contribs/php-src/Zend/zend_objects_API.c:200
#74 0x0000555555c9ecf5 in rc_dtor_func (p=0x7ffff14f1180) at /home/dcarlier/Contribs/php-src/Zend/zend_variables.c:57
#75 0x0000555555d9fc6c in i_zval_ptr_dtor (zval_ptr=0x7ffff14f1268) at /home/dcarlier/Contribs/php-src/Zend/zend_variables.h:44
#76 0x0000555555da01b3 in zend_object_std_dtor (object=0x7ffff14f1240) at /home/dcarlier/Contribs/php-src/Zend/zend_objects.c:77
#77 0x0000555555da82fc in zend_objects_store_del (object=0x7ffff14f1240) at /home/dcarlier/Contribs/php-src/Zend/zend_objects_API.c:200
#78 0x0000555555c9ecf5 in rc_dtor_func (p=0x7ffff14f1240) at /home/dcarlier/Contribs/php-src/Zend/zend_variables.c:57
#79 0x0000555555d9fc6c in i_zval_ptr_dtor (zval_ptr=0x7ffff14f1328) at /home/dcarlier/Contribs/php-src/Zend/zend_variables.h:44
#80 0x0000555555da01b3 in zend_object_std_dtor (object=0x7ffff14f1300) at /home/dcarlier/Contribs/php-src/Zend/zend_objects.c:77
#81 0x0000555555da82fc in zend_objects_store_del (object=0x7ffff14f1300) at /home/dcarlier/Contribs/php-src/Zend/zend_objects_API.c:200
...

nielsdos · 2025-05-16T21:14:51Z

while looking for a simpler reproducer this case triggers another, possibly known, bug

Variant of #15869 essentially, I thought there was another one that had closer resemblance but I can't find it now

With nested objects and recursive comparisons, it is for now unavoidable to have a stack overflow we do some early damage control attempt early on with zend.max_allowed_stack_size check but ultimately more a band-aid than a definitive solution. close GH-18577

devnexen · 2025-05-17T12:31:11Z

Very partially fixed with the above PR, I keep it opened but feel free to close it is there a same report for this particular case.

nielsdos · 2025-05-17T12:54:44Z

I'll close it then, the recursive destruction stack overflow is well known.

Just-do-st added Bug Status: Needs Triage labels May 16, 2025

devnexen added Category: Engine Status: Verified and removed Status: Needs Triage labels May 17, 2025

nielsdos closed this as completed May 17, 2025

devnexen mentioned this issue May 18, 2025

GH-18572: infinite stack recursion in fallback object comparison. #18577

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

stack-overflow at zend_hash_compare #18572

stack-overflow at zend_hash_compare #18572

Just-do-st commented May 16, 2025 •

edited

Loading

devnexen commented May 16, 2025

Uh oh!

arnaud-lb commented May 16, 2025

Uh oh!

devnexen commented May 16, 2025 •

edited

Loading

Uh oh!

nielsdos commented May 16, 2025

Uh oh!

devnexen commented May 16, 2025

Uh oh!

nielsdos commented May 16, 2025

Uh oh!

devnexen commented May 17, 2025

Uh oh!

nielsdos commented May 17, 2025

Uh oh!

stack-overflow at zend_hash_compare #18572

stack-overflow at zend_hash_compare #18572

Comments

Just-do-st commented May 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

PHP Version

Operating System

devnexen commented May 16, 2025

Uh oh!

arnaud-lb commented May 16, 2025

Uh oh!

devnexen commented May 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nielsdos commented May 16, 2025

Uh oh!

devnexen commented May 16, 2025

Uh oh!

nielsdos commented May 16, 2025

Uh oh!

devnexen commented May 17, 2025

Uh oh!

nielsdos commented May 17, 2025

Uh oh!

Just-do-st commented May 16, 2025 •

edited

Loading

devnexen commented May 16, 2025 •

edited

Loading