Edit report at http://bugs.php.net/bug.php?id=52001&edit=1

 ID: 52001
 Updated by: dmi...@php.net
 Reported by: lisio at bk dot ru
 Summary: Memory allocation problems after using variable variables
-Status: Assigned
+Status: Closed
 Type: Bug
 Package: Scripting Engine problem
 Operating System: Linux
 PHP Version: 5.3.2
 Assigned To: dmitry

New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------
[2010-06-10 11:13:24] dmi...@php.net

Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=300345
Log: Fixed bug #52001 (Memory allocation problems after using variable variables)

------------------------------------------------------------------------
[2010-06-08 11:22:57] boldin dot pavel at gmail dot com

The old patch breaks tests (Zend/tests/objects_020.phpt); the new one
doesn't. Still not sure if it is absolutely correct.

------------------------------------------------------------------------
[2010-06-06 19:15:45] boldin dot pavel at gmail dot com

Zend/zend_compile.c 1066:

    if (opline && type == BP_VAR_W && arg_offset) {
        opline->extended_value = ZEND_FETCH_MAKE_REF;
    }

Isn't this a bug too? ZEND_FETCH_MAKE_REF is not set for the first
(arg_offset == 0) arg?

------------------------------------------------------------------------
[2010-06-06 19:06:29] boldin dot pavel at gmail dot com

I have attached a patch. It must be reviewed by a professional PHP
developer.

To me it is clear that the call of SEPARATE_ZVAL_TO_MAKE_IS_REF must be
predicated with such a check (and it is done in all other cases).

------------------------------------------------------------------------
[2010-06-06 18:38:05] boldin dot pavel at gmail dot com

Finally: the bug is at

    if (opline->extended_value & ZEND_FETCH_MAKE_REF) {
        SEPARATE_ZVAL_TO_MAKE_IS_REF(retval);
    }

SEPARATE_ZVAL_TO_MAKE_IS_REF seems to ruin *retval (which is
executor_globals.uninitialized_ptr). This then leads to an incorrectly
working zend_send_by_var_helper and an incorrect referencing count in
zend_assign_to_variable.

Trying to patch now.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=52001

-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52001&edit=1