php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #28892 Object id that's still in use gets reassigned/removing one reference deletes obj
Submitted: 2004-06-23 12:59 UTC Modified: 2005-03-14 01:00 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: paranoid at pcwereld dot be Assigned:
Status: No Feedback Package: Scripting Engine problem
PHP Version: 5.0.0+ OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: paranoid at pcwereld dot be
New email:
PHP Version: OS:

 

 [2004-06-23 12:59 UTC] paranoid at pcwereld dot be 
Description:
------------
PHP reassigns an allready-in-use object id to a newly created object, after the first object (that loses it's id) was removed from an array, but was still referenced in another object. 

Reproduce code:
---------------
http://users.pandora.be/paranet/poc.html


Expected result:
----------------
I expected that object C would still contain a reference to the first A object (A-1) i created, ...

Actual result:
--------------
(see comments in code for the actual output)

... instead A-1 was overwritten with a second A object (A-2) i created, that (!!!!!) used the same object id as the first A object.

PHP seems to be missing the fact that A-1 is still referenced inside the C object, and thus assigns the object id A-1 was using to A-2

Removing the part marked "important" in list_remove results in a normal behaviour, eg. C refers to A-1, not A-2. And A-2 doesn't get the same object id as A-1. The bug is probably somewhere in the code that removes an object from an array.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-06-24 10:38 UTC] paranoid at pcwereld dot be 
When using new C($a = new A()) instead of new C(new A()) the code seems to work like expected.
 [2004-08-14 01:14 UTC] andrey@php.net 
Shorter reproduce script. It shows that removing one reference with setting the variable holding it to NULL deletes the object thus leaving one reference handing. In the script of the original reporter this interferes with a creation of a new object of the class of the innormally deleted one and the new objects hooks on the nirvana reference created by the bug.
<?php
new C(new A("FUBAR"));

class A {
    public $text;
    
    function __construct($m){
        $this->text = $m;
    }
}


class C {
    public $e;
    public $e2;
    
    function __construct($elem){
        $this->e = $elem;
	$this->e2 = $elem;
	$this->e = null;
	var_dump($this);
    }
}
?>
Output :
object(C)#1 (2) {
  ["e"]=>
  NULL
  ["e2"]=>
  NULL
}
// "e2" has been deleted when $this->e =null; which is not correct IMHO
Similar example works correctly :
php -r '$a=new stdclass();$b=$a; $a=null; var_dump($a,$b);'
 [2005-03-06 20:32 UTC] sniper@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip
 [2005-03-14 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 03 12:01:30 2024 UTC