[PHP-BUG] Bug #65251 [NEW]: array_merge_recursive() recursion detection broken

2013-07-12 Thread maar...@php.net
From: maarten
Operating system: 
PHP version:  5.5.0
Package:  Arrays related
Bug Type: Bug
Bug description:array_merge_recursive() recursion detection broken

Description:


No longer detects recursion.

It was fixed at the time (https://bugs.php.net/bug.php?id=16064 ) and fix
did work until PHP 5.3.26

However PHP 5.4.0 shows a regression, still present in recent 5.4 and 5.5.

See: http://3v4l.org/PfuC8


Test script:
---
https://bugs.php.net/bug.php?id=65251&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=65251&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=65251&r=trysnapshot53
Try a snapshot (trunk): 
https://bugs.php.net/fix.php?id=65251&r=trysnapshottrunk
Fixed in SVN:   https://bugs.php.net/fix.php?id=65251&r=fixed
Fixed in release:   https://bugs.php.net/fix.php?id=65251&r=alreadyfixed
Need backtrace: https://bugs.php.net/fix.php?id=65251&r=needtrace
Need Reproduce Script:  https://bugs.php.net/fix.php?id=65251&r=needscript
Try newer version:  https://bugs.php.net/fix.php?id=65251&r=oldversion
Not developer issue:https://bugs.php.net/fix.php?id=65251&r=support
Expected behavior:  https://bugs.php.net/fix.php?id=65251&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=65251&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=65251&r=submittedtwice
register_globals:   https://bugs.php.net/fix.php?id=65251&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65251&r=php4
Daylight Savings:   https://bugs.php.net/fix.php?id=65251&r=dst
IIS Stability:  https://bugs.php.net/fix.php?id=65251&r=isapi
Install GNU Sed:https://bugs.php.net/fix.php?id=65251&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=65251&r=float
No Zend Extensions: https://bugs.php.net/fix.php?id=65251&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=65251&r=mysqlcfg



Bug #60701 [Com]: __toString() which stores $this reference triggers segfault (with fix!)

2012-04-26 Thread maar...@php.net
Edit report at https://bugs.php.net/bug.php?id=60701&edit=1

 ID: 60701
 Comment by: maar...@php.net
 Reported by:daan at react dot com
 Summary:__toString() which stores $this reference triggers
 segfault (with fix!)
 Status: Assigned
 Type:   Bug
 Package:Reproducible crash
 Operating System:   CentOS
 PHP Version:5.3.8
 Assigned To:dmitry
 Block user comment: N
 Private report: N

 New Comment:

So this issue is apparently fixed thanks to 
https://bugs.php.net/bug.php?id=61165 (which is actually a dupe of 60701 all 
along) ?


Previous Comments:

[2012-04-26 12:18:10] arjen at react dot com

5.3.10/5.4.0 fixed original testcase; see http://3v4l.org/sc0mQ
5.3.11/5.4.1 fixed modified testcase; see http://3v4l.org/iYBMZ

Please close this issue and mark as fixed!


[2012-04-02 09:53:08] arjen at react dot com

5.3.10 fixed the attached testcase, a more simple test now fails.

a = $this;
return 'waa?';
}
}

$a = new A;
echo trim($a);
echo trim($a->a);

Results:
5.3.0 - 5.3.9   waa?1
5.3.10 waa? Warning: trim() expects parameter 1 to be string, unknown given in 
/home/deployer/public_html/php/tmp/ba8096acaf18c52bc12e38619634c25b on line 14
5.4.0 Segmentationfault


[2012-03-26 09:05:57] s...@php.net

OK, I think I know what may be going on here. What you're getting as $this in 
toString() is not a real $object but a copy what was generated by 
SEPARATE_ZVAL_IF_NOT_REF() in parse_arg_object_to_string(). If you save this 
copy, there might be trouble since it'd be destroyed by writeobj and later 
cleanup of the function arguments. However, the patch proposed doesn't seem to 
solve the problem completely since $this->test variable is still corrupted in 
this scenario...


[2012-03-26 08:38:59] s...@php.net

I looked more into the code, and as far as I can see, the case where readobj == 
writeobj comes from parse_arg_object_to_string() - but there it is preceeded by 
SEPARATE_ZVAL_IF_NOT_REF(arg); so I don't see how you can get refcount > 1 
there 
unless you have IS_REF. Something else is going on there...


[2012-03-26 07:21:23] s...@php.net

I'm not sure I understand the patch, especially this part: 

if (readobj == writeobj) {
+   if (Z_REFCOUNT_P(readobj) <= 1) 
{
+   INIT_PZVAL(writeobj);
+   }
zval_dtor(readobj);

It looks like you initializing the object and then immediately calling dtor on 
it (since readobj == writeobj). Could you explain why and what you are trying 
to 
do there?




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=60701


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60701&edit=1


Bug #60701 [Com]: __toString() which stores $this reference triggers segfault (with fix!)

2012-04-26 Thread maar...@php.net
Edit report at https://bugs.php.net/bug.php?id=60701&edit=1

 ID: 60701
 Comment by: maar...@php.net
 Reported by:daan at react dot com
 Summary:__toString() which stores $this reference triggers
 segfault (with fix!)
 Status: Duplicate
 Type:   Bug
 Package:Reproducible crash
 Operating System:   CentOS
 PHP Version:5.3.8
 Block user comment: N
 Private report: N

 New Comment:

OK, race condition, I was changing it from assigned to closed. (and yes, 
should've used duplicate instead)


Previous Comments:

[2012-04-26 12:53:17] paj...@php.net

Pls do not change the status. Duplicated means "see the other bug for any 
further 
info", Thanks.


[2012-04-26 12:35:04] maar...@php.net

Fixed in 5.3.11 / 5.4.1 (see #61165 for revisions and tests)


[2012-04-26 12:34:40] paj...@php.net

Duplicate of #61165


[2012-04-26 12:33:03] maar...@php.net

So this issue is apparently fixed thanks to 
https://bugs.php.net/bug.php?id=61165 (which is actually a dupe of 60701 all 
along) ?


[2012-04-26 12:18:10] arjen at react dot com

5.3.10/5.4.0 fixed original testcase; see http://3v4l.org/sc0mQ
5.3.11/5.4.1 fixed modified testcase; see http://3v4l.org/iYBMZ

Please close this issue and mark as fixed!




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=60701


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60701&edit=1


Bug #18556 [Com]: Setting locale to 'tr_TR' lowercases class names

2012-07-04 Thread maar...@php.net
Edit report at https://bugs.php.net/bug.php?id=18556&edit=1

 ID: 18556
 Comment by: maar...@php.net
 Reported by:spud at nothingness dot org
 Summary:Setting locale to 'tr_TR' lowercases class names
 Status: Assigned
 Type:   Bug
 Package:Scripting Engine problem
 Operating System:   Linux (RedHat 7.2)
 PHP Version:5CVS, 4CVS (2005-10-04)
 Assigned To:dmitry
 Block user comment: N
 Private report: N

 New Comment:

@ stormbyte, I just made 2 separate more explicit tests, one for 
tr_TR.iso8859-9 and one for tr_TR.UTF-8 and they do have the same outcome:

tr_TR.iso8859-9 - http://3v4l.org/o5YCk
tr_TR.UTF-8 - http://3v4l.org/F2gEb

3v4l.org uses a 'vanilla' PHP setup, be free to play with phpinfo() and the 
likes to see for yourself.


Previous Comments:

[2012-07-03 17:05:03] stormbyte at gmail dot com

The problem:

output:
thIs Is just a test

So if it is using the same function internally to do the tolower on class 
names, it will not find them.

A workarround would be use toupper instead of tolower in zend_internal 
namespace handling, despite the correct fix would be to use independent 
identifyers (??)


[2012-07-03 16:53:08] stormbyte at gmail dot com

maar...@php.net:
They don't seem to be running vanilla PHP installations.
I've compiled php-5.4.4 from Gentoo and do not appear to be fixed to me, even 
in 5.4.4.

Can you try on a vanilla PHP?


[2012-07-03 16:42:22] stormbyte at gmail dot com

It is not fixed in 5.4.4 as some stated above.
Tested with php 5.4.4
Testcase:
';
$class = 'PharFileInfo';
echo 'Locale: '.setlocale(LC_ALL, '0')."";
echo "$class exists? ".var_export(class_exists($class), true)."";
echo 'Locale: '.setlocale(LC_ALL, 'tr_TR.UTF-8')."";
echo "$class exists? ".var_export(class_exists($class), true)."";
>?

Output with nginx+spawnFCGI:
Starting...
Locale: C
PharFileInfo exists? true
Locale: tr_TR.UTF-8
PharFileInfo exists? false

Output with cli (php -f test.php):
Starting...Locale: CPharFileInfo exists? trueLocale: 
tr_TR.UTF-8PharFileInfo exists? false


[2012-07-03 09:58:31] maar...@php.net

Appears to be fixed since >= 5.4.0
See http://3v4l.org/lahi5 for proof:
---
Output for 5.4.0 - 5.4.4
Instantiating an infoBlob with a lowercase iFooInstantiating an 
InfoBlob with an uppercase IFoo

Output for 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.14
Instantiating an infoBlob with a lowercase iFooInstantiating an 
InfoBlob with an uppercase I Fatal error: Class 'InfoBlob' not found in 
/in/lahi5 on line 25
Process exited with code 255.
---
 Can't find it in the changelogs though.


[2012-07-03 09:02:01] shevegen at gmail dot com

There are other languages one could use, other than PHP.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=18556


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=18556&edit=1