php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #30144 values used in __set() overload don't remain consistent.
Submitted: 2004-09-18 21:42 UTC Modified: 2004-10-06 01:00 UTC
From: james at grickle dot org Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5CVS-2004-09-18 (dev) OS: Slackware Linux -current
Private report: No CVE-ID: None
View Developer Edit
 [2004-09-18 21:42 UTC] james at grickle dot org 
Description:
------------
All the debugging output has been done on php-5.0.1, but it happens from 5.0.1 to the 5.1 CVS tree.

The class I'm using is available here: http://www.grickle.org/url.php.txt

I don't know what exactly is happening, but I think that php is using a reference to a variable when it shouldn't be using a reference.

In the reproduce code, there is a var_dump in the set() function just before it returns showing that in all scenarios that it did its job, howevever the var_dump of the entire class afterwards shows that something gets boched.

In the larger program that this is used in, it does survive the initial urlencode() errors, however php segfaults after making only a few steps further.

Here are my PHP compile flags (noting that this bug happens both through apache2 and the cli, showing that it's not a problem with the sapi):
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --with-zlib \
    --enable-sigchild \
    --with-openssl \
    --enable-bcmath \
    --enable-calendar \
    --enable-exif \
    --with-fam \
    --enable-ftp \
    --with-mysql \
    --with-gd \
    --enable-gd-native-ttf \
    --enable-sysvmsg \
    --enable-sysvsem \
    --enable-sysvshm \
    --with-tsrm-pthreads \
    --enable-force-cgi-redirect \
    --enable-debug \
    --with-apxs2=/usr/local/apache/bin/apxs

I don't have any backtraces because segfaults only happen when you continue running code after this bug gets hit. I hope you find this useful and find a fix for it because I spent about 3 hours weeding down the errors and crashes of a fairly large cms to get to this point :)

Thanks,
James Harr


Reproduce code:
---------------
<?php
include_once("url.php");
$n = "page";
$u = new URL("showpages.php");
$u->$n = 1;
var_dump($u);
print "\n".$u->getURL()."\n";

?>

Everything works if instead of:
$u->$n = 1;
I call one of these:
$u->__set($n,1);
$u->page = 1;
$u->set($n,1);


Expected result:
----------------
Inside set(): page -> 1
array(1) {
  [0]=>
  array(2) {
    [0]=>
    string(4) "page"
    [1]=>
    int(1)
  }
}
object(URL)#1 (2) {
  ["url:private"]=>
  string(0) ""
  ["params:private"]=>
  array(1) {
    [0]=>
    array(2) {
      [0]=>
      string(4) "page"
      [1]=>
      int(1)
    }
  }
}

showpages.php?page=1

Actual result:
--------------
Inside set(): page -> 1
array(1) {
  [0]=>
  array(2) {
    [0]=>
    string(4) "page"
    [1]=>
    int(1)
  }
}
object(URL)#1 (2) {
  ["url:private"]=>
  string(0) ""
  ["params:private"]=>
  array(1) {
    [0]=>
    array(2) {
      [0]=>
      &UNKNOWN:0
      [1]=>
      int(1)
    }
  }
}

Warning: urlencode() expects parameter 1 to be string, unknown given in url.php on line 111
showpages.php?=1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-09-26 23:09 UTC] helly@php.net 
Please provide a short reproducing script without external includes.
 [2004-10-06 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Nov 13 18:01:30 2024 UTC