This is a bit involved, I'll try to explain. I'm trying to fix a problem in the LDAP extension, but not sure how best to do it.
The issue is that code like $e = ldap_first_entry($ds, ldap_read($ds,$dn,"objectClass=*")); $a = ldap_get_attributes($ds, $e); crashes. What happens is that ldap_read() returns a resource. After ldap_first_entry() is executed, the resource returned by ldap_read() is freed because it is not referred any more, at least it looks that way to the Zend. The destructor for that resource will free the result obtained by ldap_read(). The problem is that the resource returned by ldap_first_entry() is simply a pointer inside the data obtained with ldap_read(), but this has now been freed, so when ldap_get_attributes() tries to access it, it's already freed. The solution would be to make sure that the result resource created by ldap_read() is not freed as long as there exists entry resources created by ldap_first_entry() etc. Or that the result destructor for the resource created by ldap_read() does not free it, and have the entry destructor (created by ldap_first_entry() etc) free the memory if it is the last entry resource for that result resource. That would require some additional data structures and refcounting though. Maybe a Zend variable could be used and let Zend do the ref counting, perhaps I could increase the refcount for the result resource each time I create an entry resource, and decrease it again in the entry destructor? Anyone got some advice? BTW, the following code works $info = ldap_read($ds,$dn,"objectClass=*"); $e = ldap_first_entry($ds, $info); $a = ldap_get_attributes($ds, $e); since $info is not freed until the script finishes. This is why this bug hasn't been found before (AFAIK). Stig -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
