#29423 [Fbk-Opn]: reference count gets wrong when return-reference-calling a normal function
ID: 29423
User updated by: stefan at hotpaenz dot de
Reported By: stefan at hotpaenz dot de
-Status: Feedback
+Status: Open
Bug Type: Zend Engine 2 problem
Operating System: Linux 2.6.3
PHP Version: 5CVS-2004-07-28 (dev)
New Comment:
The bug remains for me with latest cvs snapshot
200503070930, configured with
./configure --disable-cli --enable-cgi --without-pear
--disable-all
Previous Comments:
[2005-03-06 22:12:14] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5-win32-latest.zip
[2004-07-28 10:59:58] stefan at hotpaenz dot de
Description:
See the code below:
An object of ClassA is passed to FuncB, which calls FuncA
with the return-by-reference operator. FuncA is not
designed to return by reference.
The reference count seems to get wrong by doing that so
the object is discarded when FuncB returns.
Reproduce code:
---
?php
class ClassA { }
function FuncA($obj) {
return $obj;
}
function FuncB($obj) {
$dummy = FuncA($obj);
}
$obj = new ClassA();
FuncB($obj);
$str='This is a string'
var_dump($obj);
Expected result:
object(ClassA)#1 (0) { }
Actual result:
--
string(16) This is a string
--
Edit this bug report at http://bugs.php.net/?id=29423edit=1
#29423 [Opn]: reference count gets wrong when return-reference-calling a normal function
ID: 29423
User updated by: stefan at hotpaenz dot de
Reported By: stefan at hotpaenz dot de
Status: Open
Bug Type: Zend Engine 2 problem
Operating System: Linux 2.6.3
PHP Version: 5CVS-2004-07-28 (dev)
New Comment:
Of course you could make this code cause an fatal error
(instead of the expected result that PHP4 returns), but
please please please don't let it fail silently. It easily
leads to errors that are really hard to track.
Previous Comments:
[2005-03-07 11:50:47] stefan at hotpaenz dot de
The bug remains for me with latest cvs snapshot
200503070930, configured with
./configure --disable-cli --enable-cgi --without-pear
--disable-all
[2005-03-06 22:12:14] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5-win32-latest.zip
[2004-07-28 10:59:58] stefan at hotpaenz dot de
Description:
See the code below:
An object of ClassA is passed to FuncB, which calls FuncA
with the return-by-reference operator. FuncA is not
designed to return by reference.
The reference count seems to get wrong by doing that so
the object is discarded when FuncB returns.
Reproduce code:
---
?php
class ClassA { }
function FuncA($obj) {
return $obj;
}
function FuncB($obj) {
$dummy = FuncA($obj);
}
$obj = new ClassA();
FuncB($obj);
$str='This is a string'
var_dump($obj);
Expected result:
object(ClassA)#1 (0) { }
Actual result:
--
string(16) This is a string
--
Edit this bug report at http://bugs.php.net/?id=29423edit=1
#29566 [Fbk-Opn]: foreach/string handling strangeness (crash)
ID: 29566 User updated by: stefan at hotpaenz dot de Reported By: stefan at hotpaenz dot de -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: Linux 2.6.3 PHP Version: 5.0.1 New Comment: It still crashes with stable PHP5 snapshot 200408250430 and HEAD snapshot 200408250630. Is there anything else I could do beside testing again and again? I would like to help you making PHP better, and I have some C knowledge, but I don't really understand the inner workings of Zend/PHP. Is there anything I could add to the code to reveal what leads to the crash? Previous Comments: [2004-08-24 23:43:54] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip [2004-08-24 10:32:22] stefan at hotpaenz dot de I use Linux 2.6.3 and glibc 2.3.2. PHP crashes _after_ printing the warning Invalid argument supplied for foreach() at the end of the script (perhaps when cleaning up?). I tested again with the 200408240630 snapshots (stable and HEAD). This is the HEAD backtrace: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 #1 0x08178298 in _zval_ptr_dtor (zval_ptr=0xbfffd6a8) at /root/php/test/php5-200408240630/Zend/zend_execute_API.c:390 #2 0x081a3407 in zend_switch_free_handler (execute_data=0xbfffd710) at /root/php/test/php5-200408240630/Zend/zend_execute.c:245 #3 0x0819eb48 in execute (op_array=0x8274014) at /root/php/test/php5-200408240630/Zend/zend_execute.c:1498 #4 0x08181f95 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-200408240630/Zend/zend.c:1052 #5 0x0814d5ad in php_execute_script (primary_file=0xbaa0) at /root/php/test/php5-200408240630/main/main.c:1633 #6 0x081a9c81 in main (argc=2, argv=0xbb64) at /root/php/test/php5-200408240630/sapi/cgi/cgi_main.c:1568 The backtrace of stable is slightly different: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 263 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 #1 0x081764b8 in _zval_ptr_dtor (zval_ptr=0xbfffd678) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute_API.c:391 #2 0x081a0632 in zend_switch_free_handler (execute_data=0xbfffd6f0, opline=0x8272464, op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:210 #3 0x0819c0a9 in execute (op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:1400 #4 0x081802b5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-STABLE-200408240630/Zend/zend.c:1061 #5 0x0814b99d in php_execute_script (primary_file=0xba80) at /root/php/test/php5-STABLE-200408240630/main/main.c:1629 #6 0x081a68c7 in main (argc=2, argv=0xbb44) at /root/php/test/php5-STABLE-200408240630/sapi/cgi/cgi_main.c:1568 [2004-08-24 09:46:48] [EMAIL PROTECTED] No crash with latest HEAD (Linux 2.6.8.1, glibc 2.3.2). [2004-08-24 09:40:13] stefan at hotpaenz dot de Indeed it works fine with the latest PHP4 snapshot (200408232230 tested), but this is a PHP5 bug. For the record: It still crashes with the 200408232230 PHP5 snapshot (unstable) [2004-08-24 01:00:04] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to Open. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/29566 -- Edit this bug report at http://bugs.php.net/?id=29566edit=1
#29566 [Opn]: foreach/string handling strangeness (crash)
ID: 29566 User updated by: stefan at hotpaenz dot de Reported By: stefan at hotpaenz dot de Status: Open Bug Type: Reproducible crash Operating System: Linux 2.6.3 PHP Version: 5.0.1 New Comment: Okay, I just discovered PHP only crashes with a non-debug build. My configure line is: ./configure --disable-cli --enable-cgi --without-pear Previous Comments: [2004-08-25 09:13:18] stefan at hotpaenz dot de It still crashes with stable PHP5 snapshot 200408250430 and HEAD snapshot 200408250630. Is there anything else I could do beside testing again and again? I would like to help you making PHP better, and I have some C knowledge, but I don't really understand the inner workings of Zend/PHP. Is there anything I could add to the code to reveal what leads to the crash? [2004-08-24 23:43:54] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip [2004-08-24 10:32:22] stefan at hotpaenz dot de I use Linux 2.6.3 and glibc 2.3.2. PHP crashes _after_ printing the warning Invalid argument supplied for foreach() at the end of the script (perhaps when cleaning up?). I tested again with the 200408240630 snapshots (stable and HEAD). This is the HEAD backtrace: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 #1 0x08178298 in _zval_ptr_dtor (zval_ptr=0xbfffd6a8) at /root/php/test/php5-200408240630/Zend/zend_execute_API.c:390 #2 0x081a3407 in zend_switch_free_handler (execute_data=0xbfffd710) at /root/php/test/php5-200408240630/Zend/zend_execute.c:245 #3 0x0819eb48 in execute (op_array=0x8274014) at /root/php/test/php5-200408240630/Zend/zend_execute.c:1498 #4 0x08181f95 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-200408240630/Zend/zend.c:1052 #5 0x0814d5ad in php_execute_script (primary_file=0xbaa0) at /root/php/test/php5-200408240630/main/main.c:1633 #6 0x081a9c81 in main (argc=2, argv=0xbb64) at /root/php/test/php5-200408240630/sapi/cgi/cgi_main.c:1568 The backtrace of stable is slightly different: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 263 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 #1 0x081764b8 in _zval_ptr_dtor (zval_ptr=0xbfffd678) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute_API.c:391 #2 0x081a0632 in zend_switch_free_handler (execute_data=0xbfffd6f0, opline=0x8272464, op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:210 #3 0x0819c0a9 in execute (op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:1400 #4 0x081802b5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-STABLE-200408240630/Zend/zend.c:1061 #5 0x0814b99d in php_execute_script (primary_file=0xba80) at /root/php/test/php5-STABLE-200408240630/main/main.c:1629 #6 0x081a68c7 in main (argc=2, argv=0xbb44) at /root/php/test/php5-STABLE-200408240630/sapi/cgi/cgi_main.c:1568 [2004-08-24 09:46:48] [EMAIL PROTECTED] No crash with latest HEAD (Linux 2.6.8.1, glibc 2.3.2). [2004-08-24 09:40:13] stefan at hotpaenz dot de Indeed it works fine with the latest PHP4 snapshot (200408232230 tested), but this is a PHP5 bug. For the record: It still crashes with the 200408232230 PHP5 snapshot (unstable) The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/29566 -- Edit this bug report at http://bugs.php.net/?id=29566edit=1
#29566 [NoF-Opn]: foreach/string handling strangeness (crash)
ID: 29566
User updated by: stefan at hotpaenz dot de
Reported By: stefan at hotpaenz dot de
-Status: No Feedback
+Status: Open
Bug Type: Reproducible crash
Operating System: Linux 2.6.3
PHP Version: 5CVS-2004-08-07 (dev)
New Comment:
Indeed it works fine with the latest PHP4 snapshot
(200408232230 tested), but this is a PHP5 bug. For the
record: It still crashes with the 200408232230 PHP5
snapshot (unstable)
Previous Comments:
[2004-08-24 01:00:04] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to Open.
[2004-08-08 23:03:28] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php4-STABLE-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php4-win32-STABLE-latest.zip
Works fine with latest CVS.
[2004-08-08 00:01:51] stefan at hotpaenz dot de
Description:
Consider the following code. Of course it isn't useful,
but nevertheless it shouldn't crash PHP.
Perhaps this is related to bug 28487 (another crash,
affecting real-world scripts) because the same function
zend_switch_free_handler is involved.
Perhaps this is the same bug as 28574, which was closed as
the problem went away. The crash I am reporting now occurs
with a current snapshot (200408071830).
Reproduce code:
---
?
$var=This is a string;
$dummy=;
unset($dummy);
foreach($var['nosuchkey'] as $v) {
}
Expected result:
Warning: Invalid argument supplied for foreach() in
crash.php on line 7
[no crash of course]
Actual result:
--
Warning: Invalid argument supplied for foreach() in
crash.php on line 7
Segmentation fault (core dumped)
[backtrace follows]
#0 _efree (ptr=0x75736f6e)
at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285
285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size);
(gdb) bt
#0 _efree (ptr=0x75736f6e)
at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285
#1 0x082424f8 in _zval_ptr_dtor (zval_ptr=0xbfffd698)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute_API.c:396
#2 0x0827288b in zend_switch_free_handler
(execute_data=0xbfffd710, opline=0x872749c,
op_array=0x8722f24, tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:210
#3 0x0826ce85 in execute (op_array=0x8722f24,
tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:1400
#4 0x0824d971 in zend_execute_scripts (type=8,
tsrm_ls=0x8431018, retval=0x0, file_count=3)
at /root/php/200408071830/php5-5.0.0/Zend/zend.c:1068
#5 0x08210ab4 in php_execute_script
(primary_file=0xbae0, tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/main/main.c:1631
#6 0x08279bec in main (argc=2, argv=0xbba4)
at /root/php/200408071830/php5-5.0.0/sapi/cgi/cgi_main.c:1568
--
Edit this bug report at http://bugs.php.net/?id=29566edit=1
#29566 [NEW]: foreach/string handling strangeness (crash)
From: stefan at hotpaenz dot de
Operating system: Linux 2.6.3
PHP version: 5CVS-2004-08-07 (dev)
PHP Bug Type: Reproducible crash
Bug description: foreach/string handling strangeness (crash)
Description:
Consider the following code. Of course it isn't useful,
but nevertheless it shouldn't crash PHP.
Perhaps this is related to bug 28487 (another crash,
affecting real-world scripts) because the same function
zend_switch_free_handler is involved.
Perhaps this is the same bug as 28574, which was closed as
the problem went away. The crash I am reporting now occurs
with a current snapshot (200408071830).
Reproduce code:
---
?
$var=This is a string;
$dummy=;
unset($dummy);
foreach($var['nosuchkey'] as $v) {
}
Expected result:
Warning: Invalid argument supplied for foreach() in
crash.php on line 7
[no crash of course]
Actual result:
--
Warning: Invalid argument supplied for foreach() in
crash.php on line 7
Segmentation fault (core dumped)
[backtrace follows]
#0 _efree (ptr=0x75736f6e)
at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285
285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size);
(gdb) bt
#0 _efree (ptr=0x75736f6e)
at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285
#1 0x082424f8 in _zval_ptr_dtor (zval_ptr=0xbfffd698)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute_API.c:396
#2 0x0827288b in zend_switch_free_handler
(execute_data=0xbfffd710, opline=0x872749c,
op_array=0x8722f24, tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:210
#3 0x0826ce85 in execute (op_array=0x8722f24,
tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:1400
#4 0x0824d971 in zend_execute_scripts (type=8,
tsrm_ls=0x8431018, retval=0x0, file_count=3)
at /root/php/200408071830/php5-5.0.0/Zend/zend.c:1068
#5 0x08210ab4 in php_execute_script
(primary_file=0xbae0, tsrm_ls=0x8431018)
at /root/php/200408071830/php5-5.0.0/main/main.c:1631
#6 0x08279bec in main (argc=2, argv=0xbba4)
at /root/php/200408071830/php5-5.0.0/sapi/cgi/cgi_main.c:1568
--
Edit bug report at http://bugs.php.net/?id=29566edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29566r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=29566r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=29566r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=29566r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=29566r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=29566r=needscript
Try newer version: http://bugs.php.net/fix.php?id=29566r=oldversion
Not developer issue:http://bugs.php.net/fix.php?id=29566r=support
Expected behavior: http://bugs.php.net/fix.php?id=29566r=notwrong
Not enough info:http://bugs.php.net/fix.php?id=29566r=notenoughinfo
Submitted twice:http://bugs.php.net/fix.php?id=29566r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=29566r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29566r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=29566r=dst
IIS Stability: http://bugs.php.net/fix.php?id=29566r=isapi
Install GNU Sed:http://bugs.php.net/fix.php?id=29566r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=29566r=float
#29505 [NEW]: get_class_vars() severely broken when used with arrays
From: stefan at hotpaenz dot de
Operating system: Linux 2.6.3
PHP version: 5CVS-2004-08-03 (dev)
PHP Bug Type: Zend Engine 2 problem
Bug description: get_class_vars() severely broken when used with arrays
Description:
The get_class_vars() function doesn't work correctly when
the class contains an array.
Reproduce code:
---
?php
class ClassA {
var $var=array();
}
$var=get_class_vars('ClassA');
var_dump($var);
Expected result:
array(1) {
[var]=
array(0) {
}
}
Actual result:
--
array(1) {
[var]=
UNKNOWN:0
}
--
Edit bug report at http://bugs.php.net/?id=29505edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29505r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=29505r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=29505r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=29505r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=29505r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=29505r=needscript
Try newer version: http://bugs.php.net/fix.php?id=29505r=oldversion
Not developer issue:http://bugs.php.net/fix.php?id=29505r=support
Expected behavior: http://bugs.php.net/fix.php?id=29505r=notwrong
Not enough info:http://bugs.php.net/fix.php?id=29505r=notenoughinfo
Submitted twice:http://bugs.php.net/fix.php?id=29505r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=29505r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29505r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=29505r=dst
IIS Stability: http://bugs.php.net/fix.php?id=29505r=isapi
Install GNU Sed:http://bugs.php.net/fix.php?id=29505r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=29505r=float
#28487 [Com]: crash when function declared in switch is called
ID: 28487
Comment by: stefan at hotpaenz dot de
Reported By: tomas dot matousek at matfyz dot cz
Status: Open
Bug Type: Scripting Engine problem
Operating System: WinXP
PHP Version: 5.0.0RC2
New Comment:
I experienced this crash on Linux 2.6.3 with PHP 4.3.3 and
PHP 5.1.0-dev snapshot 200407271430. Perhaps somebody
should set the category to reproducible crash.
This is the PHP 5.1.0-dev backtrace:
#0 0x08271843 in zend_switch_free_handler
(execute_data=0xbfffd5a0, opline=0x8726fe4,
op_array=0x8721970, tsrm_ls=0x8430018)
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200
200 if (!T(opline-op1.u.var).var.ptr_ptr) {
(gdb) bt
#0 0x08271843 in zend_switch_free_handler
(execute_data=0xbfffd5a0, opline=0x8726fe4,
op_array=0x8721970, tsrm_ls=0x8430018)
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200
#1 0x0826c0b5 in execute (op_array=0x8721970,
tsrm_ls=0x8430018)
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391
#2 0x0826fe63 in zend_do_fcall_common_helper
(execute_data=0xbfffd670, opline=0x8725ecc,
op_array=0x8721b94, tsrm_ls=0x8430018)
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:2728
#3 0x0826c0b5 in execute (op_array=0x8721b94,
tsrm_ls=0x8430018)
at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391
#4 0x0824ce31 in zend_execute_scripts (type=8,
tsrm_ls=0x8430018, retval=0x0, file_count=3)
at /root/php/200407271430/php5-5.0.0/Zend/zend.c:1068
#5 0x08210044 in php_execute_script
(primary_file=0xba40, tsrm_ls=0x8430018)
at /root/php/200407271430/php5-5.0.0/main/main.c:1631
#6 0x08278bfc in main (argc=2, argv=0xbb04)
at /root/php/200407271430/php5-5.0.0/sapi/cgi/cgi_main.c:1568
Previous Comments:
[2004-07-24 21:22:29] Jared dot Williams1 at ntworld dot com
Just discovered this one with
PHP Version 5.1.0-dev
System Windows NT WIN2KS 5.0 build 2195
Build Date Jul 23 2004 16:22:08
and
PHP Version 5.1.0-dev
System Windows NT WIN2KS 5.0 build 2195
Build Date Jul 24 2004 20:15:28
[2004-07-20 16:35:29] jb-php at microbasic dot net
I have the same problem, example :
?
$somecode=1;
switch($somecode){
case 1:
function test(){
echo success;
}
test();
break;
}
?
With php5 final, this code was working with php 4.3.7
[2004-07-13 18:07:43] fixxxer at php5 dot ru
The bug exists in the last snapshot php5-200407131230.
Tested under FreeBSD 4.9 and Windows XP.
(gdb) bt
#0 zend_switch_free_handler (execute_data=0xbfbfe314,
opline=0x84f8824, op_array=0x8504780)
at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:65
#1 0x823fbcf in execute (op_array=0x8504780) at
/usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#2 0x825d8c5 in zend_do_fcall_common_helper (execute_data=0xbfbfe404,
opline=0x850e368, op_array=0x8505124)
at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2728
#3 0x825dd22 in zend_do_fcall_by_name_handler
(execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124)
at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2810
#4 0x823fbcf in execute (op_array=0x8505124) at
/usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391
#5 0x821e32e in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend.c:1061
#6 0x81e3ba5 in php_execute_script (primary_file=0xbfbffac0) at
/usr/ports/lang/php5/work/php-5.0.0RC3/main/main.c:1627
#7 0x82688ce in main (argc=3, argv=0xbfbffb3c) at
/usr/ports/lang/php5/work/php-5.0.0RC3/sapi/cli/php_cli.c:943
[2004-05-22 12:54:44] tomas dot matousek at matfyz dot cz
Description:
PHP crashes when an arbitrary function declared in a switch statement
is called.
Reproduce code:
---
?
$x = 1;
switch($x)
{
case 1:
function f() { }
break;
}
f();
?
Expected result:
no crash
Actual result:
--
crash
--
Edit this bug report at http://bugs.php.net/?id=28487edit=1
#29423 [NEW]: reference count gets wrong when return-reference-calling a normal function
From: stefan at hotpaenz dot de
Operating system: Linux 2.6.3
PHP version: 5CVS-2004-07-28 (dev)
PHP Bug Type: Zend Engine 2 problem
Bug description: reference count gets wrong when return-reference-calling a normal
function
Description:
See the code below:
An object of ClassA is passed to FuncB, which calls FuncA
with the return-by-reference operator. FuncA is not
designed to return by reference.
The reference count seems to get wrong by doing that so
the object is discarded when FuncB returns.
Reproduce code:
---
?php
class ClassA { }
function FuncA($obj) {
return $obj;
}
function FuncB($obj) {
$dummy = FuncA($obj);
}
$obj = new ClassA();
FuncB($obj);
$str='This is a string'
var_dump($obj);
Expected result:
object(ClassA)#1 (0) { }
Actual result:
--
string(16) This is a string
--
Edit bug report at http://bugs.php.net/?id=29423edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29423r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=29423r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=29423r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=29423r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=29423r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=29423r=needscript
Try newer version: http://bugs.php.net/fix.php?id=29423r=oldversion
Not developer issue:http://bugs.php.net/fix.php?id=29423r=support
Expected behavior: http://bugs.php.net/fix.php?id=29423r=notwrong
Not enough info:http://bugs.php.net/fix.php?id=29423r=notenoughinfo
Submitted twice:http://bugs.php.net/fix.php?id=29423r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=29423r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29423r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=29423r=dst
IIS Stability: http://bugs.php.net/fix.php?id=29423r=isapi
Install GNU Sed:http://bugs.php.net/fix.php?id=29423r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=29423r=float
