|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32660 Assignment by reference causes crash when field access is overloaded (__get)
Submitted: 2005-04-10 22:22 UTC Modified: 2005-06-23 13:05 UTC
From: ladislav dot prosek at matfyz dot cz Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2005-06-19 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: ladislav dot prosek at matfyz dot cz
New email:
PHP Version: OS:


 [2005-04-10 22:22 UTC] ladislav dot prosek at matfyz dot cz
There is probably a bug in memory allocation related to property getters. Note that the behavior depends on lengths of the two strings and also on the way the $q property is initialized.

Reproduce code:
class A
	var $q;

	function __construct()
		$this->q = array();

	function __get($name)
		return $this->q;

$a = new A;

$b = "short";
$a->whatever =& $b;
$b = "much longer";


Expected result:
// as __get does not return a reference
// the output should IMHO look like this:

object(A)#1 (1) {
  array(0) {

// if you guys think the output should be
// different, please do explain it!

Actual result:
object(A)#1 (1) {


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-11 02:04 UTC]
object(A)#1 (1) {
/usr/src/php/php5/Zend/zend_execute.c(891) :  Freeing 0x0A117D6C (16 bytes), script=/home/jani/t.php
/usr/src/php/php5/Zend/zend_variables.h(45) :  Freeing 0x0A117D2C (12 bytes), script=/home/jani/t.php
/usr/src/php/php5/Zend/zend_variables.c(120) : Actual location (location was relayed)
=== Total 2 memory leaks detected ===

 [2005-05-11 12:40 UTC]
Initializing $a->whatever before assigning reference can be used as a temporary workaround.
 [2005-06-20 10:50 UTC]
Dmitry, plz take a look into it, it's still valid for HEAD.
 [2005-06-23 13:05 UTC]
Fixed in CVS HEAD and PHP_5_0.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue May 21 02:01:35 2024 UTC