Edit report at https://bugs.php.net/bug.php?id=54860&edit=1
ID: 54860 User updated by: ninzya at inbox dot lv Reported by: ninzya at inbox dot lv Summary: PHP crash when using closures + extract(EXTR_REFS) -Status: Feedback +Status: Closed Type: Bug Package: Reproducible crash Operating System: Windows 7 PHP Version: 5.3.6 Block user comment: N Private report: N New Comment: Fixed in 5.3.7. Previous Comments: ------------------------------------------------------------------------ [2011-05-23 09:20:37] ninzya at inbox dot lv Works fine with 5.3 r311342. ------------------------------------------------------------------------ [2011-05-21 20:07:02] fel...@php.net Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ I can't reproduce it. ------------------------------------------------------------------------ [2011-05-19 14:02:47] ninzya at inbox dot lv Sorry, extract() has nothing to do with this issue. I was able to come up with more compact test script with no use of extract(): $x =new stdClass; $y =&$x; for( $i =0; $i < 2; ++$i) { $closure =function() use( $y) { $y->someProperty ='someValue';// crashes on second iteration }; $closure(); } This code does not crash PHP 5.3.5. It seems that references + closures became broken in 5.3.6. ------------------------------------------------------------------------ [2011-05-19 12:03:20] ninzya at inbox dot lv Description: ------------ See test script. PHP 5.3.5 is not affected. Test script: --------------- // Initially $Object is not a reference and contains a "pointer" // to an stdClass object. $Object =new stdClass; /**/ echo 'New: '; debug_zval_dump( $Object); // $Object becomes a reference to the "pointer" to an stdClass. $Object =&$Object; /**/ echo 'Self-reference: '; debug_zval_dump( $Object); // Now we import $Object into closure by value. In theory, // $Object, that is inside closure, should not be a reference, but rather // should be a variable, that "points" to stdClass (i.e. an equivalent of // $ImportedObject in expression "$ImportedObject =$Object"). $closure =function() use( $Object) { // Once you manipulate $Object, you get PHP crashed. $Object->x =10; //debug_zval_dump( $Object); }; // By calling extract() we make $Object to reference a new stdClass instance. extract( array( 'Object' =>new stdClass), EXTR_REFS); echo 'After extract: '; debug_zval_dump( $Object); // now we execute closure and get PHP crashed $closure(); Expected result: ---------------- PHP should not crash. Actual result: -------------- PHP crashes. If you put die() right before $closure(), then you get following output: line 1: New: object(stdClass)#1 (0) refcount(2){ line 2: } line 3: Self-reference: object(stdClass)#1 (0) refcount(1){ line 4: } line 5: After extract: object(stdClass)#3 (0) refcount(2){ line 6: } Some questions regarding that output: 1) why there is refcount(2) in the first line? Isn't the object referenced only once and by $Object variable? I would expect to see refcount(1) here. As you can see on line 3, refcount seems to become correct after self-referencing is being made. 2) why line 5 says object(stdClass)#3, while there were only two (and not 3) stdClass objects allocated? If you comment out closure's definition, then you get object(stdClass)#2 (an expected output). Does closure clone $Object when you say "use($Object)"? Shouldn't the stdClass object be simply "referenced" by the "use($Object)"? ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=54860&edit=1
