Edit report at https://bugs.php.net/bug.php?id=55305&edit=1

 ID:                 55305
 Updated by:         dmi...@php.net
 Reported by:        yaa...@php.net
 Summary:            ref lost: 1st ref instantiated in class def, 2nd ref
                     made w/o instantiating
-Status:             Verified
+Status:             Closed
 Type:               Bug
 Package:            *General Issues
 Operating System:   ALL
 PHP Version:        5.4SVN-2011-07-27 (SVN)
 Assigned To:        dmitry
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------
[2011-08-01 15:23:15] dmi...@php.net

Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=314054
Log: Fixed bug #55305 (ref lost: 1st ref instantiated in class def, 2nd ref 
made w/o instantiating)

------------------------------------------------------------------------
[2011-07-28 00:31:51] cataphr...@php.net

The patch attached fixes this issue, but there may be a better way than just 
building the properties hash table on zend_std_get_property_ptr_ptr.

------------------------------------------------------------------------
[2011-07-28 00:30:05] cataphr...@php.net

The following patch has been added/updated:

Patch Name: bug55305.patch
Revision:   1311813005
URL:        
https://bugs.php.net/patch-display.php?bug=55305&patch=bug55305.patch&revision=1311813005

------------------------------------------------------------------------
[2011-07-28 00:30:02] cataphr...@php.net

The following patch has been added/updated:

Patch Name: bug55305.patch
Revision:   1311813002
URL:        
https://bugs.php.net/patch-display.php?bug=55305&patch=bug55305.patch&revision=1311813002

------------------------------------------------------------------------
[2011-07-27 23:32:55] yaa...@php.net

Description:
------------
Reference is lost, causing segfault and/or oddities when primary reference is 
edited after secondary is edited.

Occurs only when the variable name is instantiated in the class definition, and 
the second reference is not instantiated before it is made. Possible workarounds 
include:

Instantiate neither variable name in the class definition
Instantiate both variable names in the class definition
Instantiate secondary variable name before making it a reference to the first:
  $this->bar = null;
  $this->bar =& $this->foo;

The bug is new to 5.4.

Test script:
---------------
<?php
class Foo {
  var $foo; # bug present
  function __construct(){
    $this->foo = '';
    $this->bar =& $this->foo;
  }
  function dump(){
    echo 'foo: ';var_dump($this->foo);
    echo 'bar: ';var_dump($this->bar);
  }
}

$f = new Foo();
$f->dump();
$f->foo .= 'foo';
$f->dump();
$f->bar .= 'bar';
$f->dump();
$f->foo .= 'foo';
$f->dump();
?>

Expected result:
----------------
foo: string(0) ""
bar: string(0) ""
foo: string(3) "bar"
bar: string(3) "bar"
foo: string(6) "barfoo"
bar: string(6) "barfoo"


Actual result:
--------------
varies from platform to platform

On Windows:

foo: string(0) ""
bar: NULL
foo: string(3) "foo"
bar: NULL
foo: UNKNOWN:0
bar: string(3) "bar"
CRASH

On Linux (Ubuntu 11.04):

foo: string(0) ""
bar: NULL
foo: NULL
bar: string(3) "bar" 
foo: string(3) "foo"
bar: string(3) "???"

where ?? is 3 seemingly-random bytes.

OR, if an additional one-or-three-parameter method is defined in the class 
(even if it is not called):

string(0) ""
NULL
NULL
Segmentation fault

If the uncalled method has a different number of arguments, it generates a 
zend_mm_heap_corrupted instead


------------------------------------------------------------------------
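Added example, not part of the original report or of PHP's own test suite: a regression check that runs the failing property layout and the three workarounds from the description through one append sequence and reports whether bar is still bound to foo. The class names and refs_hold() are hypothetical.

```php
<?php
// Added regression check (constructed for illustration, not from the report).
// "#[AllowDynamicProperties]" is a plain comment before PHP 8 and silences the
// dynamic-property deprecation on PHP 8.2+, so the file runs on old and new builds.

#[AllowDynamicProperties]
class DeclFooOnly {            // layout from the report: only $foo is declared
  var $foo;
  function __construct() { $this->foo = ''; $this->bar =& $this->foo; }
}

#[AllowDynamicProperties]
class DeclNeither {            // workaround 1: declare neither property
  function __construct() { $this->foo = ''; $this->bar =& $this->foo; }
}

class DeclBoth {               // workaround 2: declare both properties
  var $foo;
  var $bar;
  function __construct() { $this->foo = ''; $this->bar =& $this->foo; }
}

#[AllowDynamicProperties]
class PreAssign {              // workaround 3: assign $bar before binding it
  var $foo;
  function __construct() {
    $this->foo = '';
    $this->bar = null;
    $this->bar =& $this->foo;
  }
}

// Appends through both names in turn; with an intact reference both
// properties must read the same accumulated string afterwards.
function refs_hold($obj) {
  $obj->foo .= 'foo';
  $obj->bar .= 'bar';
  $obj->foo .= 'foo';
  return $obj->foo === 'foobarfoo' && $obj->bar === 'foobarfoo';
}

$failed = 0;
foreach (array('DeclFooOnly', 'DeclNeither', 'DeclBoth', 'PreAssign') as $cls) {
  $ok = refs_hold(new $cls());
  echo str_pad($cls, 12), $ok ? 'ok' : 'REFERENCE LOST', "\n";
  if (!$ok) { $failed++; }
}
exit($failed ? 1 : 0);
```

On a build that still has the bug, the DeclFooOnly case may crash the interpreter instead of printing a line, as the report describes, so treat an abnormal exit as a failure too.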


