#29423 [Fbk-Opn]: reference count gets wrong when return-reference-calling a normal function
ID: 29423 User updated by: stefan at hotpaenz dot de Reported By: stefan at hotpaenz dot de -Status: Feedback +Status: Open Bug Type: Zend Engine 2 problem Operating System: Linux 2.6.3 PHP Version: 5CVS-2004-07-28 (dev) New Comment: The bug remains for me with latest cvs snapshot 200503070930, configured with ./configure --disable-cli --enable-cgi --without-pear --disable-all Previous Comments: [2005-03-06 22:12:14] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip [2004-07-28 10:59:58] stefan at hotpaenz dot de Description: See the code below: An object of ClassA is passed to FuncB, which calls FuncA with the return-by-reference operator. FuncA is not designed to return by reference. The reference count seems to get wrong by doing that so the object is discarded when FuncB returns. Reproduce code: --- ?php class ClassA { } function FuncA($obj) { return $obj; } function FuncB($obj) { $dummy = FuncA($obj); } $obj = new ClassA(); FuncB($obj); $str='This is a string' var_dump($obj); Expected result: object(ClassA)#1 (0) { } Actual result: -- string(16) This is a string -- Edit this bug report at http://bugs.php.net/?id=29423edit=1
#29423 [Opn]: reference count gets wrong when return-reference-calling a normal function
ID: 29423 User updated by: stefan at hotpaenz dot de Reported By: stefan at hotpaenz dot de Status: Open Bug Type: Zend Engine 2 problem Operating System: Linux 2.6.3 PHP Version: 5CVS-2004-07-28 (dev) New Comment: Of course you could make this code cause an fatal error (instead of the expected result that PHP4 returns), but please please please don't let it fail silently. It easily leads to errors that are really hard to track. Previous Comments: [2005-03-07 11:50:47] stefan at hotpaenz dot de The bug remains for me with latest cvs snapshot 200503070930, configured with ./configure --disable-cli --enable-cgi --without-pear --disable-all [2005-03-06 22:12:14] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip [2004-07-28 10:59:58] stefan at hotpaenz dot de Description: See the code below: An object of ClassA is passed to FuncB, which calls FuncA with the return-by-reference operator. FuncA is not designed to return by reference. The reference count seems to get wrong by doing that so the object is discarded when FuncB returns. Reproduce code: --- ?php class ClassA { } function FuncA($obj) { return $obj; } function FuncB($obj) { $dummy = FuncA($obj); } $obj = new ClassA(); FuncB($obj); $str='This is a string' var_dump($obj); Expected result: object(ClassA)#1 (0) { } Actual result: -- string(16) This is a string -- Edit this bug report at http://bugs.php.net/?id=29423edit=1
#29566 [Fbk-Opn]: foreach/string handling strangeness (crash)
ID: 29566 User updated by: stefan at hotpaenz dot de Reported By: stefan at hotpaenz dot de -Status: Feedback +Status: Open Bug Type: Reproducible crash Operating System: Linux 2.6.3 PHP Version: 5.0.1 New Comment: It still crashes with stable PHP5 snapshot 200408250430 and HEAD snapshot 200408250630. Is there anything else I could do beside testing again and again? I would like to help you making PHP better, and I have some C knowledge, but I don't really understand the inner workings of Zend/PHP. Is there anything I could add to the code to reveal what leads to the crash? Previous Comments: [2004-08-24 23:43:54] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip [2004-08-24 10:32:22] stefan at hotpaenz dot de I use Linux 2.6.3 and glibc 2.3.2. PHP crashes _after_ printing the warning Invalid argument supplied for foreach() at the end of the script (perhaps when cleaning up?). I tested again with the 200408240630 snapshots (stable and HEAD). This is the HEAD backtrace: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 #1 0x08178298 in _zval_ptr_dtor (zval_ptr=0xbfffd6a8) at /root/php/test/php5-200408240630/Zend/zend_execute_API.c:390 #2 0x081a3407 in zend_switch_free_handler (execute_data=0xbfffd710) at /root/php/test/php5-200408240630/Zend/zend_execute.c:245 #3 0x0819eb48 in execute (op_array=0x8274014) at /root/php/test/php5-200408240630/Zend/zend_execute.c:1498 #4 0x08181f95 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-200408240630/Zend/zend.c:1052 #5 0x0814d5ad in php_execute_script (primary_file=0xbaa0) at /root/php/test/php5-200408240630/main/main.c:1633 #6 0x081a9c81 in main (argc=2, argv=0xbb64) at /root/php/test/php5-200408240630/sapi/cgi/cgi_main.c:1568 The backtrace of stable is slightly different: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 263 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 #1 0x081764b8 in _zval_ptr_dtor (zval_ptr=0xbfffd678) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute_API.c:391 #2 0x081a0632 in zend_switch_free_handler (execute_data=0xbfffd6f0, opline=0x8272464, op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:210 #3 0x0819c0a9 in execute (op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:1400 #4 0x081802b5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-STABLE-200408240630/Zend/zend.c:1061 #5 0x0814b99d in php_execute_script (primary_file=0xba80) at /root/php/test/php5-STABLE-200408240630/main/main.c:1629 #6 0x081a68c7 in main (argc=2, argv=0xbb44) at /root/php/test/php5-STABLE-200408240630/sapi/cgi/cgi_main.c:1568 [2004-08-24 09:46:48] [EMAIL PROTECTED] No crash with latest HEAD (Linux 2.6.8.1, glibc 2.3.2). [2004-08-24 09:40:13] stefan at hotpaenz dot de Indeed it works fine with the latest PHP4 snapshot (200408232230 tested), but this is a PHP5 bug. For the record: It still crashes with the 200408232230 PHP5 snapshot (unstable) [2004-08-24 01:00:04] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to Open. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/29566 -- Edit this bug report at http://bugs.php.net/?id=29566edit=1
#29566 [Opn]: foreach/string handling strangeness (crash)
ID: 29566 User updated by: stefan at hotpaenz dot de Reported By: stefan at hotpaenz dot de Status: Open Bug Type: Reproducible crash Operating System: Linux 2.6.3 PHP Version: 5.0.1 New Comment: Okay, I just discovered PHP only crashes with a non-debug build. My configure line is: ./configure --disable-cli --enable-cgi --without-pear Previous Comments: [2004-08-25 09:13:18] stefan at hotpaenz dot de It still crashes with stable PHP5 snapshot 200408250430 and HEAD snapshot 200408250630. Is there anything else I could do beside testing again and again? I would like to help you making PHP better, and I have some C knowledge, but I don't really understand the inner workings of Zend/PHP. Is there anything I could add to the code to reveal what leads to the crash? [2004-08-24 23:43:54] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip [2004-08-24 10:32:22] stefan at hotpaenz dot de I use Linux 2.6.3 and glibc 2.3.2. PHP crashes _after_ printing the warning Invalid argument supplied for foreach() at the end of the script (perhaps when cleaning up?). I tested again with the 200408240630 snapshots (stable and HEAD). This is the HEAD backtrace: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-200408240630/Zend/zend_alloc.c:285 #1 0x08178298 in _zval_ptr_dtor (zval_ptr=0xbfffd6a8) at /root/php/test/php5-200408240630/Zend/zend_execute_API.c:390 #2 0x081a3407 in zend_switch_free_handler (execute_data=0xbfffd710) at /root/php/test/php5-200408240630/Zend/zend_execute.c:245 #3 0x0819eb48 in execute (op_array=0x8274014) at /root/php/test/php5-200408240630/Zend/zend_execute.c:1498 #4 0x08181f95 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-200408240630/Zend/zend.c:1052 #5 0x0814d5ad in php_execute_script (primary_file=0xbaa0) at /root/php/test/php5-200408240630/main/main.c:1633 #6 0x081a9c81 in main (argc=2, argv=0xbb64) at /root/php/test/php5-200408240630/sapi/cgi/cgi_main.c:1568 The backtrace of stable is slightly different: #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 263 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/test/php5-STABLE-200408240630/Zend/zend_alloc.c:263 #1 0x081764b8 in _zval_ptr_dtor (zval_ptr=0xbfffd678) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute_API.c:391 #2 0x081a0632 in zend_switch_free_handler (execute_data=0xbfffd6f0, opline=0x8272464, op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:210 #3 0x0819c0a9 in execute (op_array=0x826deec) at /root/php/test/php5-STABLE-200408240630/Zend/zend_execute.c:1400 #4 0x081802b5 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php/test/php5-STABLE-200408240630/Zend/zend.c:1061 #5 0x0814b99d in php_execute_script (primary_file=0xba80) at /root/php/test/php5-STABLE-200408240630/main/main.c:1629 #6 0x081a68c7 in main (argc=2, argv=0xbb44) at /root/php/test/php5-STABLE-200408240630/sapi/cgi/cgi_main.c:1568 [2004-08-24 09:46:48] [EMAIL PROTECTED] No crash with latest HEAD (Linux 2.6.8.1, glibc 2.3.2). [2004-08-24 09:40:13] stefan at hotpaenz dot de Indeed it works fine with the latest PHP4 snapshot (200408232230 tested), but this is a PHP5 bug. For the record: It still crashes with the 200408232230 PHP5 snapshot (unstable) The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/29566 -- Edit this bug report at http://bugs.php.net/?id=29566edit=1
#29566 [NoF-Opn]: foreach/string handling strangeness (crash)
ID: 29566 User updated by: stefan at hotpaenz dot de Reported By: stefan at hotpaenz dot de -Status: No Feedback +Status: Open Bug Type: Reproducible crash Operating System: Linux 2.6.3 PHP Version: 5CVS-2004-08-07 (dev) New Comment: Indeed it works fine with the latest PHP4 snapshot (200408232230 tested), but this is a PHP5 bug. For the record: It still crashes with the 200408232230 PHP5 snapshot (unstable) Previous Comments: [2004-08-24 01:00:04] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to Open. [2004-08-08 23:03:28] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip Works fine with latest CVS. [2004-08-08 00:01:51] stefan at hotpaenz dot de Description: Consider the following code. Of course it isn't useful, but nevertheless it shouldn't crash PHP. Perhaps this is related to bug 28487 (another crash, affecting real-world scripts) because the same function zend_switch_free_handler is involved. Perhaps this is the same bug as 28574, which was closed as the problem went away. The crash I am reporting now occurs with a current snapshot (200408071830). Reproduce code: --- ? $var=This is a string; $dummy=; unset($dummy); foreach($var['nosuchkey'] as $v) { } Expected result: Warning: Invalid argument supplied for foreach() in crash.php on line 7 [no crash of course] Actual result: -- Warning: Invalid argument supplied for foreach() in crash.php on line 7 Segmentation fault (core dumped) [backtrace follows] #0 _efree (ptr=0x75736f6e) at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285 285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285 #1 0x082424f8 in _zval_ptr_dtor (zval_ptr=0xbfffd698) at /root/php/200408071830/php5-5.0.0/Zend/zend_execute_API.c:396 #2 0x0827288b in zend_switch_free_handler (execute_data=0xbfffd710, opline=0x872749c, op_array=0x8722f24, tsrm_ls=0x8431018) at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:210 #3 0x0826ce85 in execute (op_array=0x8722f24, tsrm_ls=0x8431018) at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:1400 #4 0x0824d971 in zend_execute_scripts (type=8, tsrm_ls=0x8431018, retval=0x0, file_count=3) at /root/php/200408071830/php5-5.0.0/Zend/zend.c:1068 #5 0x08210ab4 in php_execute_script (primary_file=0xbae0, tsrm_ls=0x8431018) at /root/php/200408071830/php5-5.0.0/main/main.c:1631 #6 0x08279bec in main (argc=2, argv=0xbba4) at /root/php/200408071830/php5-5.0.0/sapi/cgi/cgi_main.c:1568 -- Edit this bug report at http://bugs.php.net/?id=29566edit=1
#29566 [NEW]: foreach/string handling strangeness (crash)
From: stefan at hotpaenz dot de Operating system: Linux 2.6.3 PHP version: 5CVS-2004-08-07 (dev) PHP Bug Type: Reproducible crash Bug description: foreach/string handling strangeness (crash) Description: Consider the following code. Of course it isn't useful, but nevertheless it shouldn't crash PHP. Perhaps this is related to bug 28487 (another crash, affecting real-world scripts) because the same function zend_switch_free_handler is involved. Perhaps this is the same bug as 28574, which was closed as the problem went away. The crash I am reporting now occurs with a current snapshot (200408071830). Reproduce code: --- ? $var=This is a string; $dummy=; unset($dummy); foreach($var['nosuchkey'] as $v) { } Expected result: Warning: Invalid argument supplied for foreach() in crash.php on line 7 [no crash of course] Actual result: -- Warning: Invalid argument supplied for foreach() in crash.php on line 7 Segmentation fault (core dumped) [backtrace follows] #0 _efree (ptr=0x75736f6e) at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285 285 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p-size); (gdb) bt #0 _efree (ptr=0x75736f6e) at /root/php/200408071830/php5-5.0.0/Zend/zend_alloc.c:285 #1 0x082424f8 in _zval_ptr_dtor (zval_ptr=0xbfffd698) at /root/php/200408071830/php5-5.0.0/Zend/zend_execute_API.c:396 #2 0x0827288b in zend_switch_free_handler (execute_data=0xbfffd710, opline=0x872749c, op_array=0x8722f24, tsrm_ls=0x8431018) at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:210 #3 0x0826ce85 in execute (op_array=0x8722f24, tsrm_ls=0x8431018) at /root/php/200408071830/php5-5.0.0/Zend/zend_execute.c:1400 #4 0x0824d971 in zend_execute_scripts (type=8, tsrm_ls=0x8431018, retval=0x0, file_count=3) at /root/php/200408071830/php5-5.0.0/Zend/zend.c:1068 #5 0x08210ab4 in php_execute_script (primary_file=0xbae0, tsrm_ls=0x8431018) at /root/php/200408071830/php5-5.0.0/main/main.c:1631 #6 0x08279bec in main (argc=2, argv=0xbba4) at /root/php/200408071830/php5-5.0.0/sapi/cgi/cgi_main.c:1568 -- Edit bug report at http://bugs.php.net/?id=29566edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29566r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=29566r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=29566r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=29566r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=29566r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=29566r=needscript Try newer version: http://bugs.php.net/fix.php?id=29566r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=29566r=support Expected behavior: http://bugs.php.net/fix.php?id=29566r=notwrong Not enough info:http://bugs.php.net/fix.php?id=29566r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=29566r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=29566r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29566r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=29566r=dst IIS Stability: http://bugs.php.net/fix.php?id=29566r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=29566r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=29566r=float
#29505 [NEW]: get_class_vars() severely broken when used with arrays
From: stefan at hotpaenz dot de Operating system: Linux 2.6.3 PHP version: 5CVS-2004-08-03 (dev) PHP Bug Type: Zend Engine 2 problem Bug description: get_class_vars() severely broken when used with arrays Description: The get_class_vars() function doesn't work correctly when the class contains an array. Reproduce code: --- ?php class ClassA { var $var=array(); } $var=get_class_vars('ClassA'); var_dump($var); Expected result: array(1) { [var]= array(0) { } } Actual result: -- array(1) { [var]= UNKNOWN:0 } -- Edit bug report at http://bugs.php.net/?id=29505edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29505r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=29505r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=29505r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=29505r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=29505r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=29505r=needscript Try newer version: http://bugs.php.net/fix.php?id=29505r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=29505r=support Expected behavior: http://bugs.php.net/fix.php?id=29505r=notwrong Not enough info:http://bugs.php.net/fix.php?id=29505r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=29505r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=29505r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29505r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=29505r=dst IIS Stability: http://bugs.php.net/fix.php?id=29505r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=29505r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=29505r=float
#28487 [Com]: crash when function declared in switch is called
ID: 28487 Comment by: stefan at hotpaenz dot de Reported By: tomas dot matousek at matfyz dot cz Status: Open Bug Type: Scripting Engine problem Operating System: WinXP PHP Version: 5.0.0RC2 New Comment: I experienced this crash on Linux 2.6.3 with PHP 4.3.3 and PHP 5.1.0-dev snapshot 200407271430. Perhaps somebody should set the category to reproducible crash. This is the PHP 5.1.0-dev backtrace: #0 0x08271843 in zend_switch_free_handler (execute_data=0xbfffd5a0, opline=0x8726fe4, op_array=0x8721970, tsrm_ls=0x8430018) at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200 200 if (!T(opline-op1.u.var).var.ptr_ptr) { (gdb) bt #0 0x08271843 in zend_switch_free_handler (execute_data=0xbfffd5a0, opline=0x8726fe4, op_array=0x8721970, tsrm_ls=0x8430018) at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:200 #1 0x0826c0b5 in execute (op_array=0x8721970, tsrm_ls=0x8430018) at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391 #2 0x0826fe63 in zend_do_fcall_common_helper (execute_data=0xbfffd670, opline=0x8725ecc, op_array=0x8721b94, tsrm_ls=0x8430018) at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:2728 #3 0x0826c0b5 in execute (op_array=0x8721b94, tsrm_ls=0x8430018) at /root/php/200407271430/php5-5.0.0/Zend/zend_execute.c:1391 #4 0x0824ce31 in zend_execute_scripts (type=8, tsrm_ls=0x8430018, retval=0x0, file_count=3) at /root/php/200407271430/php5-5.0.0/Zend/zend.c:1068 #5 0x08210044 in php_execute_script (primary_file=0xba40, tsrm_ls=0x8430018) at /root/php/200407271430/php5-5.0.0/main/main.c:1631 #6 0x08278bfc in main (argc=2, argv=0xbb04) at /root/php/200407271430/php5-5.0.0/sapi/cgi/cgi_main.c:1568 Previous Comments: [2004-07-24 21:22:29] Jared dot Williams1 at ntworld dot com Just discovered this one with PHP Version 5.1.0-dev System Windows NT WIN2KS 5.0 build 2195 Build Date Jul 23 2004 16:22:08 and PHP Version 5.1.0-dev System Windows NT WIN2KS 5.0 build 2195 Build Date Jul 24 2004 20:15:28 [2004-07-20 16:35:29] jb-php at microbasic dot net I have the same problem, example : ? $somecode=1; switch($somecode){ case 1: function test(){ echo success; } test(); break; } ? With php5 final, this code was working with php 4.3.7 [2004-07-13 18:07:43] fixxxer at php5 dot ru The bug exists in the last snapshot php5-200407131230. Tested under FreeBSD 4.9 and Windows XP. (gdb) bt #0 zend_switch_free_handler (execute_data=0xbfbfe314, opline=0x84f8824, op_array=0x8504780) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:65 #1 0x823fbcf in execute (op_array=0x8504780) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391 #2 0x825d8c5 in zend_do_fcall_common_helper (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2728 #3 0x825dd22 in zend_do_fcall_by_name_handler (execute_data=0xbfbfe404, opline=0x850e368, op_array=0x8505124) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:2810 #4 0x823fbcf in execute (op_array=0x8505124) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend_execute.c:1391 #5 0x821e32e in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/ports/lang/php5/work/php-5.0.0RC3/Zend/zend.c:1061 #6 0x81e3ba5 in php_execute_script (primary_file=0xbfbffac0) at /usr/ports/lang/php5/work/php-5.0.0RC3/main/main.c:1627 #7 0x82688ce in main (argc=3, argv=0xbfbffb3c) at /usr/ports/lang/php5/work/php-5.0.0RC3/sapi/cli/php_cli.c:943 [2004-05-22 12:54:44] tomas dot matousek at matfyz dot cz Description: PHP crashes when an arbitrary function declared in a switch statement is called. Reproduce code: --- ? $x = 1; switch($x) { case 1: function f() { } break; } f(); ? Expected result: no crash Actual result: -- crash -- Edit this bug report at http://bugs.php.net/?id=28487edit=1
#29423 [NEW]: reference count gets wrong when return-reference-calling a normal function
From: stefan at hotpaenz dot de Operating system: Linux 2.6.3 PHP version: 5CVS-2004-07-28 (dev) PHP Bug Type: Zend Engine 2 problem Bug description: reference count gets wrong when return-reference-calling a normal function Description: See the code below: An object of ClassA is passed to FuncB, which calls FuncA with the return-by-reference operator. FuncA is not designed to return by reference. The reference count seems to get wrong by doing that so the object is discarded when FuncB returns. Reproduce code: --- ?php class ClassA { } function FuncA($obj) { return $obj; } function FuncB($obj) { $dummy = FuncA($obj); } $obj = new ClassA(); FuncB($obj); $str='This is a string' var_dump($obj); Expected result: object(ClassA)#1 (0) { } Actual result: -- string(16) This is a string -- Edit bug report at http://bugs.php.net/?id=29423edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29423r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=29423r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=29423r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=29423r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=29423r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=29423r=needscript Try newer version: http://bugs.php.net/fix.php?id=29423r=oldversion Not developer issue:http://bugs.php.net/fix.php?id=29423r=support Expected behavior: http://bugs.php.net/fix.php?id=29423r=notwrong Not enough info:http://bugs.php.net/fix.php?id=29423r=notenoughinfo Submitted twice:http://bugs.php.net/fix.php?id=29423r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=29423r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29423r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=29423r=dst IIS Stability: http://bugs.php.net/fix.php?id=29423r=isapi Install GNU Sed:http://bugs.php.net/fix.php?id=29423r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=29423r=float