From: james at grickle dot org Operating system: Slackware Linux -current PHP version: 5CVS-2004-09-18 (dev) PHP Bug Type: Zend Engine 2 problem Bug description: values used in __set() overload don't remain consistent.
Description: ------------ All the debugging output has been done on php-5.0.1, but it happens from 5.0.1 to the 5.1 CVS tree. The class I'm using is available here: http://www.grickle.org/url.php.txt I don't know what exactly is happening, but I think that php is using a reference to a variable when it shouldn't be using a reference. In the reproduce code, there is a var_dump in the set() function just before it returns showing that in all scenarios that it did its job, howevever the var_dump of the entire class afterwards shows that something gets boched. In the larger program that this is used in, it does survive the initial urlencode() errors, however php segfaults after making only a few steps further. Here are my PHP compile flags (noting that this bug happens both through apache2 and the cli, showing that it's not a problem with the sapi): ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ --with-zlib \ --enable-sigchild \ --with-openssl \ --enable-bcmath \ --enable-calendar \ --enable-exif \ --with-fam \ --enable-ftp \ --with-mysql \ --with-gd \ --enable-gd-native-ttf \ --enable-sysvmsg \ --enable-sysvsem \ --enable-sysvshm \ --with-tsrm-pthreads \ --enable-force-cgi-redirect \ --enable-debug \ --with-apxs2=/usr/local/apache/bin/apxs I don't have any backtraces because segfaults only happen when you continue running code after this bug gets hit. I hope you find this useful and find a fix for it because I spent about 3 hours weeding down the errors and crashes of a fairly large cms to get to this point :) Thanks, James Harr Reproduce code: --------------- <?php include_once("url.php"); $n = "page"; $u = new URL("showpages.php"); $u->$n = 1; var_dump($u); print "\n".$u->getURL()."\n"; ?> Everything works if instead of: $u->$n = 1; I call one of these: $u->__set($n,1); $u->page = 1; $u->set($n,1); Expected result: ---------------- Inside set(): page -> 1 array(1) { [0]=> array(2) { [0]=> string(4) "page" [1]=> int(1) } } object(URL)#1 (2) { ["url:private"]=> string(0) "" ["params:private"]=> array(1) { [0]=> array(2) { [0]=> string(4) "page" [1]=> int(1) } } } showpages.php?page=1 Actual result: -------------- Inside set(): page -> 1 array(1) { [0]=> array(2) { [0]=> string(4) "page" [1]=> int(1) } } object(URL)#1 (2) { ["url:private"]=> string(0) "" ["params:private"]=> array(1) { [0]=> array(2) { [0]=> &UNKNOWN:0 [1]=> int(1) } } } Warning: urlencode() expects parameter 1 to be string, unknown given in url.php on line 111 showpages.php?=1 -- Edit bug report at http://bugs.php.net/?id=30144&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=30144&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=30144&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=30144&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=30144&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=30144&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=30144&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=30144&r=needscript Try newer version: http://bugs.php.net/fix.php?id=30144&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=30144&r=support Expected behavior: http://bugs.php.net/fix.php?id=30144&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=30144&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=30144&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=30144&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=30144&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=30144&r=dst IIS Stability: http://bugs.php.net/fix.php?id=30144&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=30144&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=30144&r=float MySQL Configuration Error: http://bugs.php.net/fix.php?id=30144&r=mysqlcfg
