#25547 [Ver]: error_handler and array index with function call
ID: 25547
User updated by: cschneid at cschneid dot com
Reported By: cschneid at cschneid dot com
Status: Verified
-Bug Type: Zend Engine 2 problem
+Bug Type: Scripting Engine problem
Operating System: *
PHP Version: 4CVS
New Comment:
Problem still exists in PHP4 branch
Previous Comments:
[2003-12-31 03:17:39] [EMAIL PROTECTED]
The bug is fixed in PHP5 CVS (zend.c,v 1.260).
[2003-10-16 04:09:39] [EMAIL PROTECTED]
You now have a memory leak. I tried something similar too. But we
decided to look for a better solution where we don't gc the variable we
still need.
[2003-10-15 08:19:08] cschneid at cschneid dot com
The problem seems to be that dim-value is overwritten, copying the
value solves this. I don't have enough insight in Zend to know if this
is a memory leak and the values should be freed at some point or if
this is ok.
Hope this helps:
diff -u -u -r1.316.2.21 zend_execute.c
--- Zend/zend_execute.c 30 Jul 2003 16:33:54 - 1.316.2.21
+++ Zend/zend_execute.c 15 Oct 2003 12:17:10 -
@@ -626,7 +626,7 @@
offset_key_length = 0;
goto fetch_string_dim;
case IS_STRING:
- offset_key = dim-value.str.val;
+ offset_key = estrndup(dim-value.str.val,
dim-value.str.len);
offset_key_length = dim-value.str.len;
fetch_string_dim:
[2003-09-15 13:37:55] cschneid at cschneid dot com
Description:
Error handler seems to destroy array indices if called due
to a undefined array index generated by a function.
Reproduce code:
---
function handler($errno, $errstr, $errfile, $errline)
{
$test = aaa;
}
set_error_handler('handler');
$output[trim(bbb)]++;
print_r($output);
Expected result:
Array
(
[bbb] = 1
)
Actual result:
--
Array
(
[aaa] = 1
)
--
Edit this bug report at http://bugs.php.net/?id=25547edit=1
#25547 [Ver]: error_handler and array index with function call
ID: 25547
User updated by: cschneid at cschneid dot com
Reported By: cschneid at cschneid dot com
Status: Verified
Bug Type: Scripting Engine problem
Operating System: *
PHP Version: 4CVS
New Comment:
A workaround patch (without memory leak ;-)) can be found at
http://cschneid.com/php/php4/bug25547.patch
Previous Comments:
[2004-01-04 17:49:09] cschneid at cschneid dot com
Problem still exists in PHP4 branch
[2003-12-31 03:17:39] [EMAIL PROTECTED]
The bug is fixed in PHP5 CVS (zend.c,v 1.260).
[2003-10-16 04:09:39] [EMAIL PROTECTED]
You now have a memory leak. I tried something similar too. But we
decided to look for a better solution where we don't gc the variable we
still need.
[2003-10-15 08:19:08] cschneid at cschneid dot com
The problem seems to be that dim-value is overwritten, copying the
value solves this. I don't have enough insight in Zend to know if this
is a memory leak and the values should be freed at some point or if
this is ok.
Hope this helps:
diff -u -u -r1.316.2.21 zend_execute.c
--- Zend/zend_execute.c 30 Jul 2003 16:33:54 - 1.316.2.21
+++ Zend/zend_execute.c 15 Oct 2003 12:17:10 -
@@ -626,7 +626,7 @@
offset_key_length = 0;
goto fetch_string_dim;
case IS_STRING:
- offset_key = dim-value.str.val;
+ offset_key = estrndup(dim-value.str.val,
dim-value.str.len);
offset_key_length = dim-value.str.len;
fetch_string_dim:
[2003-09-15 13:37:55] cschneid at cschneid dot com
Description:
Error handler seems to destroy array indices if called due
to a undefined array index generated by a function.
Reproduce code:
---
function handler($errno, $errstr, $errfile, $errline)
{
$test = aaa;
}
set_error_handler('handler');
$output[trim(bbb)]++;
print_r($output);
Expected result:
Array
(
[bbb] = 1
)
Actual result:
--
Array
(
[aaa] = 1
)
--
Edit this bug report at http://bugs.php.net/?id=25547edit=1
#25547 [Ver]: error_handler and array index with function call
ID: 25547
Updated by: [EMAIL PROTECTED]
Reported By: cschneid at cschneid dot com
Status: Verified
Bug Type: Zend Engine 2 problem
Operating System: *
-PHP Version: 5CVS,4CVS
+PHP Version: 4CVS
New Comment:
The bug is fixed in PHP5 CVS (zend.c,v 1.260).
Previous Comments:
[2003-10-16 04:09:39] [EMAIL PROTECTED]
You now have a memory leak. I tried something similar too. But we
decided to look for a better solution where we don't gc the variable we
still need.
[2003-10-15 08:19:08] cschneid at cschneid dot com
The problem seems to be that dim-value is overwritten, copying the
value solves this. I don't have enough insight in Zend to know if this
is a memory leak and the values should be freed at some point or if
this is ok.
Hope this helps:
diff -u -u -r1.316.2.21 zend_execute.c
--- Zend/zend_execute.c 30 Jul 2003 16:33:54 - 1.316.2.21
+++ Zend/zend_execute.c 15 Oct 2003 12:17:10 -
@@ -626,7 +626,7 @@
offset_key_length = 0;
goto fetch_string_dim;
case IS_STRING:
- offset_key = dim-value.str.val;
+ offset_key = estrndup(dim-value.str.val,
dim-value.str.len);
offset_key_length = dim-value.str.len;
fetch_string_dim:
[2003-09-15 13:37:55] cschneid at cschneid dot com
Description:
Error handler seems to destroy array indices if called due
to a undefined array index generated by a function.
Reproduce code:
---
function handler($errno, $errstr, $errfile, $errline)
{
$test = aaa;
}
set_error_handler('handler');
$output[trim(bbb)]++;
print_r($output);
Expected result:
Array
(
[bbb] = 1
)
Actual result:
--
Array
(
[aaa] = 1
)
--
Edit this bug report at http://bugs.php.net/?id=25547edit=1
