json-schema: infinite loop with Constraint::CHECK_MODE_APPLY_DEFAULTS

I’ve found an issue, with some schema, the validator will go into an infinite loop and eventually terminate when the allowed memory is exhausted, you can reproduce the issue with this code :

<?php

include_once __DIR__."/../vendor/autoload.php";

$validator = new \JsonSchema\Validator();

$data = [];
$schema = (object)['$ref' => 'http://json-schema.org/draft-04/schema'];

echo __LINE__, PHP_EOL;

$validator->validate($data, $schema);

echo __LINE__, PHP_EOL;

$validator->validate($data, $schema, \JsonSchema\Constraints\Constraint::CHECK_MODE_APPLY_DEFAULTS);

echo __LINE__, PHP_EOL;

I’m not sure yet what is causing this. I’ll guess a infinite recursion has been introduced in UndefinedConstraint::validateCommonProperties. I’ll try to make another reproduction of the bug with a smaller schema

About this issue

Original URL
State: closed
Created 7 years ago
Comments: 37 (10 by maintainers)

Commits related to this issue

Fix infinite recursion on some schemas when setting defaults (#359) (#365) * Don't try to fetch files that don't exist Throws an exception when the ref can't be resolved to a useful file URI, rat... — committed to justinrainbow/json-schema by erayd 7 years ago
Fix infinite recursion on some schemas when setting defaults (#359) (#365) * Don't try to fetch files that don't exist Throws an exception when the ref can't be resolved to a useful file URI, rat... — committed to erayd/json-schema by erayd 7 years ago
Backports for 5.2.0 (#368) * Add URI translation for retrieval & add local copies of spec schema * Add use line for InvalidArgumentException & adjust scope (#372) Fixes issue #371 * add quie... — committed to justinrainbow/json-schema by erayd 7 years ago
Fix infinite recursion on some schemas when setting defaults (#359) (#365) * Don't try to fetch files that don't exist Throws an exception when the ref can't be resolved to a useful file URI, rat... — committed to erayd/json-schema by erayd 7 years ago

Most upvoted comments

Here is how some of this was addressed in the past:

https://github.com/justinrainbow/json-schema/pull/184

https://github.com/edisonthk/json-schema/blob/0e895e7e6b7be3e53d7038a36161fa9f5be5cbe6/src/JsonSchema/RefResolver.php#L31

Interesting stuff…

bighappyface on Mar 2, 2017

Following discussion on #263, I think that for now, not setting defaults-on-defaults is a good idea. Does anyone object to this? If not, then I will go ahead and implement this restriction.

erayd on Mar 6, 2017

@mathroc Have opened #365 to aid collaboration on this, so we’re at least looking at the same code.

erayd on Mar 1, 2017

Yeah, there’s some bloody weird behavior happening in there. Still haven’t found the root cause, although I’m getting there. Working on several things at once, so it’s taking a while.

erayd on Feb 23, 2017

Have nailed it down to this so far as a minimal test case:

{
    "properties": {
        "propertyOne": {
            "anyOf": [
                { "$ref": "#" }
            ],
            "default": {}
        }
    }
}

erayd on Feb 23, 2017