Fix infinite recursion in unlinked_instanceof

I suspect this is only a partial fix for the issue, it's probably possible to recurse through a more complex pathway as well. Fixes oss-fuzz #28961.
2024-09-21 09:57:23 +00:00 · 2021-01-05 13:02:30 +01:00 · 2021-01-05 13:02:30 +01:00 · dd335359e9
commit dd335359e9
parent 5e57f37247
2 changed files with 19 additions and 1 deletions
--- a/Zend/tests/type_declarations/variance/infinite_recursion.phpt
+++ b/Zend/tests/type_declarations/variance/infinite_recursion.phpt
@ -0,0 +1,17 @@
+--TEST--
+Infinite recursion in unlinked_instanceof()
+--FILE--
+<?php
+interface I {}
+spl_autoload_register(function() {
+    class X {
+        function test(): I {}
+    }
+    class Y extends X {
+        function test(): C {}
+    }
+});
+class C extends Z implements C {}
+?>
+--EXPECTF--
+Fatal error: Declaration of Y::test(): C must be compatible with X::test(): I in %s on line %d
--- a/Zend/zend_inheritance.c
+++ b/Zend/zend_inheritance.c
@ -311,7 +311,8 @@ static zend_bool unlinked_instanceof(zend_class_entry *ce1, zend_class_entry *ce
 				zend_class_entry *ce = zend_lookup_class_ex(
 					ce1->interface_names[i].name, ce1->interface_names[i].lc_name,
 					ZEND_FETCH_CLASS_ALLOW_UNLINKED | ZEND_FETCH_CLASS_NO_AUTOLOAD);
-				if (ce && unlinked_instanceof(ce, ce2)) {
+				/* Avoid recursing if class implements ifself. */
+				if (ce && ce != ce1 && unlinked_instanceof(ce, ce2)) {
 					return 1;
 				}
 			}