Bug #28892 Object id that's still in use gets reassigned/removing one reference deletes obj
Submitted: 2004-06-23 12:59 UTC Modified: 2005-03-14 01:00 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: paranoid at pcwereld dot be Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.0+ OS: All
Private report: No CVE-ID: None

 [2004-06-23 12:59 UTC] paranoid at pcwereld dot be
Description:
------------
PHP reassigns an already-in-use object id to a newly created object, after the first object (that loses its id) was removed from an array, but was still referenced in another object.

Reproduce code:
---------------
http://users.pandora.be/paranet/poc.html


Expected result:
----------------
I expected that object C would still contain a reference to the first A object (A-1) I created, ...

Actual result:
--------------
(see comments in code for the actual output)

... instead A-1 was overwritten with a second A object (A-2) I created, that (!!!!!) used the same object id as the first A object.

PHP seems to be missing the fact that A-1 is still referenced inside the C object, and thus assigns the object id A-1 was using to A-2

Removing the part marked "important" in list_remove results in a normal behaviour, eg. C refers to A-1, not A-2. And A-2 doesn't get the same object id as A-1. The bug is probably somewhere in the code that removes an object from an array.

 [2004-06-24 10:38 UTC] paranoid at pcwereld dot be
When using new C($a = new A()) instead of new C(new A()) the code seems to work like expected.
 [2004-08-14 01:14 UTC] andrey@php.net
Shorter reproduce script. It shows that removing one reference by setting the variable holding it to NULL deletes the object, thus leaving one reference hanging. In the script of the original reporter this interferes with the creation of a new object of the class of the abnormally deleted one, and the new object hooks on the nirvana reference created by the bug.
<?php
new C(new A("FUBAR"));

class A {
    public $text;
    
    function __construct($m){
        $this->text = $m;
    }
}


class C {
    public $e;
    public $e2;
    
    function __construct($elem){
        $this->e = $elem;
        $this->e2 = $elem;
        $this->e = null;
        var_dump($this);
    }
}
?>
Output :
object(C)#1 (2) {
  ["e"]=>
  NULL
  ["e2"]=>
  NULL
}
// "e2" has been deleted when $this->e =null; which is not correct IMHO
Similar example works correctly :
php -r '$a=new stdclass();$b=$a; $a=null; var_dump($a,$b);'
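
Added example, not part of the comment above or of the original report: a regression check that runs the temporary-argument case, the reporter's named-variable workaround, and a test that a still-referenced object's id is never handed to a new object. It assumes PHP 7.2 or later for spl_object_id(); the function name check_handle_reuse is hypothetical.

```php
<?php
// Added regression check (not from the bug report). Needs PHP >= 7.2 for spl_object_id().

class A {
    public $text;
    function __construct($m) { $this->text = $m; }
}

class C {
    public $e;
    public $e2;
    function __construct($elem) {
        $this->e  = $elem;
        $this->e2 = $elem;   // second reference to the same object
        $this->e  = null;    // dropping one reference must not free the object
    }
}

// Returns a list of failure messages; an empty list means correct behaviour.
function check_handle_reuse(): array {
    $failures = [];

    // Case 1: temporary passed straight to the constructor (the short script above).
    $c1 = new C(new A("FUBAR"));
    // Case 2: the reporter's workaround, argument held in a variable.
    $c2 = new C($a = new A("NAMED"));

    foreach (['temporary' => $c1, 'named' => $c2] as $label => $c) {
        if (!($c->e2 instanceof A)) {
            $failures[] = "$label: e2 was freed when e was set to null";
        }
    }
    if ($failures) return $failures;   // e2 is gone, id checks would be meaningless

    // Case 3: the id of a live object must never be given to a new object.
    $liveId = spl_object_id($c1->e2);
    $fresh = [];
    for ($i = 0; $i < 100; $i++) {
        $fresh[] = $obj = new A("A-$i");   // keep each one alive so ids stay distinct
        if (spl_object_id($obj) === $liveId) $failures[] = "id $liveId reused while still referenced";
    }
    if ($c1->e2->text !== "FUBAR") $failures[] = "temporary: e2 contents were overwritten";
    return $failures;
}

$failures = check_handle_reuse();
echo $failures ? implode(PHP_EOL, $failures) . PHP_EOL : "OK: no premature free or id reuse" . PHP_EOL;
exit($failures ? 1 : 0);
```

The non-zero exit status on failure lets the script be dropped into a CI job that gates on the PHP build in use.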
 [2005-03-06 20:32 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-03-14 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Sat Apr 20 03:01:28 2024 UTC