 ID:               49037
 Updated by:       dmi...@php.net
 Reported By:      alex dot emsenhuber at bluewin dot ch
-Status:           Assigned
+Status:           Closed
 Bug Type:         Scripting Engine problem
 Operating System: Mac OS X 10.5.7
 PHP Version:      6SVN-2009-07-23 (SVN)
 Assigned To:      dmitry
 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2009-07-28 13:01:41] s...@php.net

Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=286454
Log: Fixed bug #49037 (@list( $b ) = $a; causes a crash)

------------------------------------------------------------------------

[2009-07-23 18:27:02] alex dot emsenhuber at bluewin dot ch

Description:
------------
When using @list( $b ) = $a; on PHP 6, it seems that a new opcode is
inserted that frees a temp variable set from $a (see the "Actual result"
section below) and thus segfaults when using $a later.

When I set breakpoints on all lines that contain "SWITCH_FREE" in
Zend_execute.c, it's the one at line 1170 in function zend_do_free()
that is called.

Reproduce code:
---------------
<?php
$a = array( "c" );
@list( $b ) = $a;
var_dump( $a );

I also used vld to get the opcodes produced by the language parser.

Expected result:
----------------
array(1) {
  [0]=>
  string(1) "c"
}

Analyse with vld:

$ PHP_5_3/sapi/cli/php -dvld.active=1 ~/test.php
Branch analysis from position: 0
Return found
filename:       /Users/alexandre/test.php
function name:  (null)
number of ops:  11
compiled vars:  !0 = $a
line     #  op                 fetch   ext  return  operands
-------------------------------------------------------------------------------
   2     0  INIT_ARRAY                      ~0      'c'
         1  ASSIGN                                  !0, ~0
   3     2  BEGIN_SILENCE                   ~2
         3  FETCH_R            local        $4      'a'
         4  FETCH_DIM_R                     $5      $4, 0
         5  FETCH_W            local        $3      'b'
         6  ASSIGN                                  $3, $5
         7  END_SILENCE                             ~2
   4     8  SEND_VAR                                !0
         9  DO_FCALL                   1            'var_dump'
   5    10  RETURN                                  1

Actual result:
--------------
Segmentation fault.

Analyse with vld:

$ PHP_6/sapi/cli/php -dvld.active=1 ~/test.php
Branch analysis from position: 0
Return found
filename:       /Users/alexandre/test.php
function name:  (null)
number of ops:  12
compiled vars:  !0 = $a
line     #  op                 fetch   ext  return  operands
-------------------------------------------------------------------------------
   2     0  INIT_ARRAY                      ~0      c
         1  ASSIGN                                  !0, ~0
   3     2  BEGIN_SILENCE                   ~2
         3  FETCH_R            local        $4      a
         4  FETCH_DIM_TMP_VAR               $5      $4, 0
         5  FETCH_W            local        $3      b
         6  ASSIGN                                  $3, $5
         7  END_SILENCE                             ~2
         8  SWITCH_FREE                             $4
   4     9  SEND_VAR                                !0
        10  DO_FCALL                   1            var_dump
   5    11  RETURN                                  1

You can see the new opcode "SWITCH_FREE" at position 8.

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=49037&edit=1
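
The comparison the reporter made by eye between the two vld dumps can be automated when triaging a compiler regression like this one. The following is an added example, not code from the report or from the PHP project: it diffs the opcode sequences of the two builds and traces the operand of the extra opcode back to the row where it first appears. The function names (`parse`, `opcode_changes`, `first_use`) are hypothetical, and the rows are constructed from the two dumps above.

```python
import difflib
import re
# Opcode rows constructed from the two vld dumps in the report above.
PHP_5_3 = """\
2 0 INIT_ARRAY ~0 'c'
1 ASSIGN !0, ~0
3 2 BEGIN_SILENCE ~2
3 FETCH_R local $4 'a'
4 FETCH_DIM_R $5 $4, 0
5 FETCH_W local $3 'b'
6 ASSIGN $3, $5
7 END_SILENCE ~2
4 8 SEND_VAR !0
9 DO_FCALL 1 'var_dump'
5 10 RETURN 1
"""
PHP_6 = """\
2 0 INIT_ARRAY ~0 c
1 ASSIGN !0, ~0
3 2 BEGIN_SILENCE ~2
3 FETCH_R local $4 a
4 FETCH_DIM_TMP_VAR $5 $4, 0
5 FETCH_W local $3 b
6 ASSIGN $3, $5
7 END_SILENCE ~2
8 SWITCH_FREE $4
4 9 SEND_VAR !0
10 DO_FCALL 1 var_dump
5 11 RETURN 1
"""
ROW = re.compile(r"\s*(?:\d+\s+)?(\d+)\s+([A-Z_]+)\s*(.*)")  # [line] # op rest

def parse(dump):
    """Return [(op_number, op_name, rest_of_row)] for each opcode row."""
    found = (ROW.fullmatch(line) for line in dump.splitlines())
    return [(int(m[1]), m[2], m[3].strip()) for m in found if m]

def opcode_changes(old_rows, new_rows):
    """Non-equal spans between the builds: [(tag, old op names, new rows)]."""
    old, new = [r[1] for r in old_rows], [r[1] for r in new_rows]
    sm = difflib.SequenceMatcher(None, old, new, autojunk=False)
    return [(tag, old[i1:i2], new_rows[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def first_use(rows, row):
    """Earliest earlier row that mentions one of `row`'s operands."""
    want = set(re.findall(r"[$~!]\d+", row[2]))
    return next((p for p in rows if p[0] < row[0]
                 and want & set(re.findall(r"[$~!]\d+", p[2]))), None)
```

Calling `opcode_changes(parse(PHP_5_3), parse(PHP_6))` reports the FETCH_DIM_R to FETCH_DIM_TMP_VAR replacement and the inserted SWITCH_FREE row; `first_use` on that row points at the FETCH_R of `a`.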