Bug #29423 reference count gets wrong when return-reference-calling a normal function
Submitted: 2004-07-28 10:59 UTC Modified: 2005-06-07 11:58 UTC
Votes:6
Avg. Score:5.0 ± 0.0
Reproduced:6 of 6 (100.0%)
Same Version:2 (33.3%)
Same OS:3 (50.0%)
From: stefan at hotpaenz dot de Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS, 4CVS OS: Linux 2.6.3
Private report: No CVE-ID: None
 [2004-07-28 10:59 UTC] stefan at hotpaenz dot de
Description:
------------
See the code below: 
 
An object of ClassA is passed to FuncB, which calls FuncA 
with the return-by-reference operator. FuncA is not 
designed to return by reference. 
 
The reference count seems to go wrong by doing that, so 
the object is discarded when FuncB returns. 
 

Reproduce code:
---------------
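<?php
class ClassA { }

// FuncA returns by value: there is no & in its declaration.
function FuncA($obj) {
    return $obj;
}

function FuncB($obj) {
    // Reference-assign the result of a function that does not return by reference.
    $dummy = &FuncA($obj);
}

$obj = new ClassA();
FuncB($obj);
$str = 'This is a string';
var_dump($obj);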


Expected result:
----------------
object(ClassA)#1 (0) { } 
 

Actual result:
--------------
string(16) "This is a string" 
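
The pattern from the report turned into a regression check, as an added example that is not part of the original report or of PHP's own test suite. It assumes PHP 5.3 or later (closures), and the names byValue, refAssign and survives are hypothetical.

```php
<?php
// Added regression check (not from the bug report). Helper names are hypothetical.
class ClassA { }

// Returns by value: no & in the declaration, as in the report.
function byValue($v) {
    return $v;
}

// Reference-assigns the result of a by-value function, the pattern from the report.
function refAssign($v) {
    $dummy = &byValue($v);
}

// Runs the pattern on $value, then allocates fresh strings (a heuristic: a wrongly
// freed value is likely to be overwritten) and reports whether the copy survived.
function survives($value) {
    $diagnostics = array();
    set_error_handler(function ($no, $msg) use (&$diagnostics) {
        $diagnostics[] = $msg;   // collect any notice or warning the engine raises
        return true;
    });
    $before = serialize($value);
    $isObject = is_object($value);
    refAssign($value);
    $filler = array();
    for ($i = 0; $i < 8; $i++) {
        $filler[] = str_repeat('x', 16) . $i;
    }
    restore_error_handler();
    $intact = ($isObject === is_object($value)) && ($before === serialize($value));
    return array('intact' => $intact, 'diagnostics' => $diagnostics);
}

$cases = array(                     // constructed sample values
    'object' => new ClassA(),
    'array'  => array(1, 2, 3),
    'string' => 'constructed sample',
);
$failed = 0;
foreach ($cases as $name => $value) {
    $r = survives($value);
    printf("%-6s %s  diagnostics: %s\n", $name, $r['intact'] ? 'intact' : 'CORRUPTED',
        $r['diagnostics'] ? implode('; ', $r['diagnostics']) : 'none');
    $failed += $r['intact'] ? 0 : 1;
}
exit($failed ? 1 : 0);
```

A non-zero exit status means at least one value changed type or content after the call, which is the silent failure the report describes.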
 

 [2005-03-06 22:12 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-03-07 11:50 UTC] stefan at hotpaenz dot de
The bug remains for me with "latest cvs" snapshot 
200503070930, configured with 
 
./configure --disable-cli --enable-cgi --without-pear 
--disable-all
 [2005-03-07 12:13 UTC] stefan at hotpaenz dot de
Of course you could make this code cause a fatal error 
(instead of the "expected result" that PHP4 returns), but 
please please please don't let it fail silently. It easily 
leads to errors that are really hard to track.
 [2005-03-07 12:49 UTC] derick@php.net
Confirmed here too (with PHP 4) and it leaks too:

string(16) "This is a string"
/dat/dev/php/php-5.0dev/Zend/zend_execute.c(253) :  Freeing 0x085E7994 (16 bytes), script=-
=== Total 1 memory leaks detected ===


assigning to Dmitry
 [2005-06-07 11:58 UTC] derick@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 