php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75961 Strange references behavior
Submitted: 2018-02-14 16:57 UTC Modified: 2018-03-05 14:37 UTC
Votes:4
Avg. Score:1.8 ± 1.3
Reproduced:2 of 3 (66.7%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: imbolk at gmail dot com Assigned:
Status: Re-Opened Package: Scripting Engine problem
PHP Version: 7.1.14 OS: all
Private report: No CVE-ID: None
 [2018-02-14 16:57 UTC] imbolk at gmail dot com
Description:
------------
Results in PHP 7.1+ and pre-PHP-7.1 are differs. I'm not sure what I have to expect to see but pre-PHP-7.1 result is more intuitive.

Test script:
---------------
$arr = [[1]];

array_walk($arr, function(){});
array_map('array_shift', $arr);
var_dump($arr);


Expected result:
----------------
array(1) {
  [0]=>
  array(1) {
    [0]=>
    int(1)
  }
}

Actual result:
--------------
array(1) {
  [0]=>
  array(0) {
  }
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-02-17 08:38 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=94e9d0a2ae76bad712495d820d3962e401085fef
Log: Fixed bug #75961 (Strange references behavior)
 [2018-02-17 08:38 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2018-02-17 08:39 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=94e9d0a2ae76bad712495d820d3962e401085fef
Log: Fixed bug #75961 (Strange references behavior)
 [2018-03-05 14:34 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fd5bd37ab129595d51cc05199437c8af3388b3b9
Log: Revert "Fixed bug #75961 (Strange references behavior)"
 [2018-03-05 14:37 UTC] nikic@php.net
-Status: Closed +Status: Re-Opened
 [2018-03-05 14:37 UTC] nikic@php.net
I've reverted this change in https://github.com/php/php-src/commit/fd5bd37ab129595d51cc05199437c8af3388b3b9, because it is causing use-after-free under certain circumstances.

IMHO the actual bug here is in array_map, not in array_walk. array_map should not be leaking references into the callback.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC