[PHP-BUG] Bug #65251 [NEW]: array_merge_recursive() recursion detection broken
From: maarten
Operating system:
PHP version: 5.5.0
Package: Arrays related
Bug Type: Bug
Bug description: array_merge_recursive() recursion detection broken

Description:
No longer detects recursion. It was fixed at the time (https://bugs.php.net/bug.php?id=16064) and fix did work until PHP 5.3.26
However PHP 5.4.0 shows a regression, still present in recent 5.4 and 5.5.

See: http://3v4l.org/PfuC8

Test script:
---

https://bugs.php.net/bug.php?id=65251&edit=1

Bug #60701 [Com]: __toString() which stores $this reference triggers segfault (with fix!)
ID: 60701
Comment by: maar...@php.net
Reported by: daan at react dot com
Summary: __toString() which stores $this reference triggers segfault (with fix!)
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: CentOS
PHP Version: 5.3.8
Assigned To: dmitry
Block user comment: N
Private report: N

New Comment:

So this issue is apparently fixed thanks to https://bugs.php.net/bug.php?id=61165 (which is actually a dupe of 60701 all along) ?

Previous Comments:

[2012-04-26 12:18:10] arjen at react dot com

5.3.10/5.4.0 fixed original testcase; see http://3v4l.org/sc0mQ
5.3.11/5.4.1 fixed modified testcase; see http://3v4l.org/iYBMZ

Please close this issue and mark as fixed!

[2012-04-02 09:53:08] arjen at react dot com

5.3.10 fixed the attached testcase, a more simple test now fails.

a = $this; return 'waa?'; } } $a = new A; echo trim($a); echo trim($a->a);

Results:

5.3.0 - 5.3.9
waa?1

5.3.10
waa?
Warning: trim() expects parameter 1 to be string, unknown given in /home/deployer/public_html/php/tmp/ba8096acaf18c52bc12e38619634c25b on line 14

5.4.0
Segmentationfault

[2012-03-26 09:05:57] s...@php.net

OK, I think I know what may be going on here. What you're getting as $this in toString() is not a real $object but a copy that was generated by SEPARATE_ZVAL_IF_NOT_REF() in parse_arg_object_to_string(). If you save this copy, there might be trouble since it'd be destroyed by writeobj and later cleanup of the function arguments.

However, the patch proposed doesn't seem to solve the problem completely since $this->test variable is still corrupted in this scenario...

[2012-03-26 08:38:59] s...@php.net

I looked more into the code, and as far as I can see, the case where readobj == writeobj comes from parse_arg_object_to_string() - but there it is preceded by SEPARATE_ZVAL_IF_NOT_REF(arg); so I don't see how you can get refcount > 1 there unless you have IS_REF. Something else is going on there...

[2012-03-26 07:21:23] s...@php.net

I'm not sure I understand the patch, especially this part:

if (readobj == writeobj) { + if (Z_REFCOUNT_P(readobj) <= 1) { + INIT_PZVAL(writeobj); + } zval_dtor(readobj);

It looks like you are initializing the object and then immediately calling dtor on it (since readobj == writeobj). Could you explain why and what you are trying to do there?

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=60701

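Review bot: in the `readobj == writeobj` branch, the added `INIT_PZVAL(writeobj);` runs directly before `zval_dtor(readobj)` on what is the same zval, and nothing in the hunk says why re-initialising it is safe there or what should happen when `Z_REFCOUNT_P(readobj)` is greater than 1. Add a comment stating who owns the zval at this point and which case the `<= 1` guard is meant to protect, and pair the change with a regression test for a __toString() that stores $this, since a later comment in this report says $this->test is still corrupted with the patch applied.
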
Bug #60701 [Com]: __toString() which stores $this reference triggers segfault (with fix!)
ID: 60701
Comment by: maar...@php.net
Reported by: daan at react dot com
Summary: __toString() which stores $this reference triggers segfault (with fix!)
Status: Duplicate
Type: Bug
Package: Reproducible crash
Operating System: CentOS
PHP Version: 5.3.8
Block user comment: N
Private report: N

New Comment:

OK, race condition, I was changing it from assigned to closed. (and yes, should've used duplicate instead)

Previous Comments:

[2012-04-26 12:53:17] paj...@php.net

Pls do not change the status. Duplicated means "see the other bug for any further info", Thanks.

[2012-04-26 12:35:04] maar...@php.net

Fixed in 5.3.11 / 5.4.1 (see #61165 for revisions and tests)

[2012-04-26 12:34:40] paj...@php.net

Duplicate of #61165

[2012-04-26 12:33:03] maar...@php.net

So this issue is apparently fixed thanks to https://bugs.php.net/bug.php?id=61165 (which is actually a dupe of 60701 all along) ?

[2012-04-26 12:18:10] arjen at react dot com

5.3.10/5.4.0 fixed original testcase; see http://3v4l.org/sc0mQ
5.3.11/5.4.1 fixed modified testcase; see http://3v4l.org/iYBMZ

Please close this issue and mark as fixed!

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=60701

Bug #18556 [Com]: Setting locale to 'tr_TR' lowercases class names
ID: 18556
Comment by: maar...@php.net
Reported by: spud at nothingness dot org
Summary: Setting locale to 'tr_TR' lowercases class names
Status: Assigned
Type: Bug
Package: Scripting Engine problem
Operating System: Linux (RedHat 7.2)
PHP Version: 5CVS, 4CVS (2005-10-04)
Assigned To: dmitry
Block user comment: N
Private report: N

New Comment:

@ stormbyte, I just made 2 separate more explicit tests, one for tr_TR.iso8859-9 and one for tr_TR.UTF-8 and they do have the same outcome:

tr_TR.iso8859-9 - http://3v4l.org/o5YCk
tr_TR.UTF-8 - http://3v4l.org/F2gEb

3v4l.org uses a 'vanilla' PHP setup, be free to play with phpinfo() and the likes to see for yourself.

Previous Comments:

[2012-07-03 17:05:03] stormbyte at gmail dot com

The problem:

output: thIs Is just a test

So if it is using the same function internally to do the tolower on class names, it will not find them.

A workaround would be to use toupper instead of tolower in zend_internal namespace handling, despite the correct fix would be to use independent identifiers (??)

[2012-07-03 16:53:08] stormbyte at gmail dot com

maar...@php.net: They don't seem to be running vanilla PHP installations. I've compiled php-5.4.4 from Gentoo and do not appear to be fixed to me, even in 5.4.4.

Can you try on a vanilla PHP?

[2012-07-03 16:42:22] stormbyte at gmail dot com

It is not fixed in 5.4.4 as some stated above. Tested with php 5.4.4

Testcase:

';
$class = 'PharFileInfo';
echo 'Locale: '.setlocale(LC_ALL, '0')."";
echo "$class exists? ".var_export(class_exists($class), true)."";
echo 'Locale: '.setlocale(LC_ALL, 'tr_TR.UTF-8')."";
echo "$class exists? ".var_export(class_exists($class), true)."";
>?

Output with nginx+spawnFCGI:

Starting...
Locale: C
PharFileInfo exists? true
Locale: tr_TR.UTF-8
PharFileInfo exists? false

Output with cli (php -f test.php):

Starting...Locale: CPharFileInfo exists? trueLocale: tr_TR.UTF-8PharFileInfo exists? false

[2012-07-03 09:58:31] maar...@php.net

Appears to be fixed since >= 5.4.0

See http://3v4l.org/lahi5 for proof:

---
Output for 5.4.0 - 5.4.4
Instantiating an infoBlob with a lowercase iFooInstantiating an InfoBlob with an uppercase IFoo

Output for 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.14
Instantiating an infoBlob with a lowercase iFooInstantiating an InfoBlob with an uppercase I
Fatal error: Class 'InfoBlob' not found in /in/lahi5 on line 25
Process exited with code 255.
---

Can't find it in the changelogs though.

[2012-07-03 09:02:01] shevegen at gmail dot com

There are other languages one could use, other than PHP.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=18556
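
The lookup failure discussed in bug #18556, reduced to a small C model. This is an added example, not code from PHP or from the thread: `class_table`, `class_exists_with` and both fold functions are hypothetical, and `fold_tr_utf8` is a constructed stand-in for tolower() under tr_TR.UTF-8, based on the "thIs Is just a test" output quoted in the report.

```c
#include <stdio.h>
#include <string.h>

/* ASCII-only fold: never consults the process locale. */
static int fold_ascii(int c) {
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Constructed stand-in for tolower() under tr_TR.UTF-8, matching the
 * "thIs Is just a test" output in the report: 'I' comes back unchanged. */
static int fold_tr_utf8(int c) {
    return (c == 'I') ? c : fold_ascii(c);
}

typedef int (*fold_fn)(int);

/* Fold a name byte by byte into out (always NUL-terminated). */
static void fold_name(const char *in, char *out, size_t cap, fold_fn fold) {
    size_t i = 0;
    for (; in[i] != '\0' && i + 1 < cap; i++)
        out[i] = (char)fold((unsigned char)in[i]);
    out[i] = '\0';
}

/* Hypothetical class table: keys were folded once at startup, while the
 * process was still in the "C" locale. */
static const char *class_table[] = { "pharfileinfo", "infoblob", "stdclass" };

/* Returns 1 if the name resolves when lookups use the given fold. */
int class_exists_with(const char *name, fold_fn fold) {
    char key[64];
    fold_name(name, key, sizeof key, fold);
    for (size_t i = 0; i < sizeof class_table / sizeof class_table[0]; i++)
        if (strcmp(class_table[i], key) == 0)
            return 1;
    return 0;
}

int main(void) {
    const char *names[] = { "PharFileInfo", "InfoBlob", "stdClass" };
    for (size_t i = 0; i < 3; i++)
        printf("%-13s locale fold: %d  ascii fold: %d\n", names[i],
               class_exists_with(names[i], fold_tr_utf8),
               class_exists_with(names[i], fold_ascii));
    return 0;
}
```

Only names containing an uppercase 'I' stop resolving under the locale-dependent fold; folding identifiers with a locale-independent routine at both registration and lookup keeps the two keys identical whatever setlocale() was called with.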