php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21600 assign by reference function call changes variable contents
Submitted: 2003-01-12 15:07 UTC Modified: 2003-02-24 09:57 UTC
Votes:5
Avg. Score:3.8 ± 1.2
Reproduced:5 of 5 (100.0%)
Same Version:3 (60.0%)
Same OS:2 (40.0%)
From: jhpacker at yahoo dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.3.0, 5.0.0 OS: Redhat 7.3, 8, W2k server
Private report: No CVE-ID:
 [2003-01-12 15:07 UTC] jhpacker at yahoo dot com
under 4.3.0 with apache 2.0.40 I see this strange behavior with aliasing:

$foo = "Philip Johnson's \"Glass House\" remains one of the most famous residences in the world.";
$foo =& bar($foo);
print $foo;

function bar($text){
  return $text;
}

outputs: Philip Johnson's "Glass House" remains one of the most famous residences in the worlh

This didn't happen under 4.2.3. Although really this was a mistake on my part (I meant to do $foo = bar($foo)) it seems like strange behavior nonetheless.

It's also strange to me that if I change 
return $text; 
to 
return "$text"; 
it works as I would expect.

Patches

mt19937ar.out (last revision 2013-12-12 19:26 UTC) by dree031 at yahoo dot ca)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-12 15:56 UTC] moriyoshi@php.net
Verified with HEAD(ZE2) and PHP_4_3(ZE1).
The provided script causes segmentation fault.

 [2003-01-13 01:21 UTC] derick@php.net
backtrace (with php-5.0.0-dev):
#0  0x40749e49 in __sbrk (increment=1515880448) at ../sysdeps/generic/sbrk.c:33
#1  0x406e9d3c in __default_morecore (increment=1515880448)
    at ../sysdeps/generic/morecore.c:47
#2  0x406e676d in chunk_alloc (ar_ptr=0x40798520, nb=1515878480)
    at malloc.c:2583
#3  0x406e60bc in __libc_malloc (bytes=1515878476) at malloc.c:2817
#4  0x08256b63 in zend_mm_add_memory_block (heap=0x8333748, 
    block_size=1515878476) at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:143
#5  0x08256de6 in zend_mm_alloc (heap=0x8333748, size=1515878448)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:236
#6  0x08256e0e in zend_mm_alloc (heap=0x8333748, size=1515878448)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:240
#7  0x08256e0e in zend_mm_alloc (heap=0x8333748, size=1515878448)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:240
#8  0x08256e0e in zend_mm_alloc (heap=0x8333748, size=1515878448)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:240
#9  0x08256e0e in zend_mm_alloc (heap=0x8333748, size=1515878448)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:240
#10 0x08256e0e in zend_mm_alloc (heap=0x8333748, size=1515878448)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:240
#11 0x08256e0e in zend_mm_alloc (heap=0x8333748, size=1515878448)
    at /dat/dev/php/php-5.0.0dev/Zend/zend_mm.c:240
#12 0x08256e0e in zend_mm_alloc (heap=0x8333748, size=1515878448)

(last frame continues atleast 15.000 times)

Derick
 [2003-01-13 19:42 UTC] moriyoshi@php.net
I'm marking this critical because the provided script works fine on the previous released versions.

 [2003-01-14 00:52 UTC] derick@php.net
update version
 [2003-01-23 16:44 UTC] jkkn at tv2 dot dk
Here is a simular problem - it seem to be a problem with referencing to values from functions that not themselfs return reference.

<?php

class Person {

    var $name;

    function Person($name) {
        $this->name = $name;
        $wiefewfjwefjwefwef =& $this->getName(); // <-- this line destroys $this->name and eventually crashes apache+php
    }
    
    function /*&*/ getName() {
        return $this->name;
    }
    
}

$kent =& new Person('Kent');

echo '<pre>'; print_r($kent); echo '</pre>';

echo '<p><b>PersonName: "' . $kent->getName() . '"</b></p>';


?>
 [2003-01-31 10:52 UTC] moriyoshi@php.net
I noticed this issue has something to do with the version of bison used in a build.

Below is just my assumption:

1.28 => works
1.35 => works
1.75 => doesn't work
1.875 => ???



 [2003-02-02 15:42 UTC] k.schroeder@php.net
tests/lang/bug21600.phpt also failed on W2k server with latest win32 snap:

---- EXPECTED OUTPUT
array(1) {
  ["foo"]=>
  string(4) "test"
}
array(1) {
  ["foo"]=>
  string(4) "test"
}
---- ACTUAL OUTPUT
array(1) {
  ["foo"]=>
  &string(4) "test"
}
array(1) {
  ["foo"]=>
  string(4) "test"
}
---- FAILED
 [2003-02-03 06:12 UTC] sniper@php.net
The tests/lang/bug21600.phpt fails for me and I have 
bison 1.28..

 [2003-02-16 13:20 UTC] zeev@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

(Zend Engine 2)
 [2003-02-24 09:57 UTC] sniper@php.net
The fix will be in PHP 5.

 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 03:02:42 2014 UTC