php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79108 Referencing argument in a function makes it a reference in the stack trace
Submitted: 2020-01-13 10:26 UTC Modified: 2020-07-23 20:59 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: tux dot jumale at gmail dot com Assigned: nikic (profile)
Status: Closed Package: *General Issues
PHP Version: 7.2.26 OS: 7.2.26-cli-alpine3.10
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tux dot jumale at gmail dot com
New email:
PHP Version: OS:

 

 [2020-01-13 10:26 UTC] tux dot jumale at gmail dot com 
Description:
------------
Taking a reference of an argument makes it also to be a reference in the stack trace, which allows to modify the value from any nesting level via 'args' key of debug_backtrace

Test script:
---------------
<?php

function test(string $val) {
    $a = &$val;
    hackingHere();
    print_r($val);
}

function hackingHere() {
    // we're able to modify the $val from here, even though the arg was not a reference
    debug_backtrace()[1]['args'][0] = 'Modified';
}

test('Original');

Expected result:
----------------
Should print 'Original'

Actual result:
--------------
Prints 'Modified', because `hackingHere` unexpectedly gets access to the argument.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-01-13 19:04 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2020-01-13 19:04 UTC] requinix@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This changed back in PHP 7.0.
https://www.php.net/manual/en/migration70.incompatible.php#migration70.incompatible.other.func-parameter-modified
 [2020-01-13 19:32 UTC] nikic@php.net
-Status: Not a bug +Status: Re-Opened
 [2020-01-13 19:32 UTC] nikic@php.net 
@requinix: That's the other way around: Changing the value in the function affects the backtrace. Here the backtrace affects the value in the function.

I don't think it's really a bug, but I'd be happy to change this behavior in PHP 8.
 [2020-01-13 19:39 UTC] requinix@php.net 
Since the backtrace reuses values, if the variable was made into a reference then wouldn't that mean the backtrace gets it as a reference too?
 [2020-07-23 20:59 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2020-07-24 10:23 UTC] nikic@php.net 
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d65d3f5298dcc8d94bcac96e8bf2441dceb393ac
Log: Fix bug #79108
 [2020-07-24 10:23 UTC] nikic@php.net
-Status: Re-Opened +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 12:01:29 2024 UTC