php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39320 ZEND_HASH_APPLY_STOP causes deletion
Submitted: 2006-10-31 11:39 UTC Modified: 2006-11-03 19:05 UTC
From: wharmby at uk dot ibm dot com Assigned: helly
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.0 OS: *
Private report: No CVE-ID:
 [2006-10-31 11:39 UTC] wharmby at uk dot ibm dot com
Description:
------------
Specifying hash apply call-back function return code of
ZEND_HASH_APPLY_STOP results in deletion of current element
from subject hash table rather than halting of iteration as
expected, i.e ZEND_HASH_APPLY_STOP treated same as 
ZEND_HASH_APPLY_REMOVE.

I spotted this bug reviewing code the engine code whilst
reading Sara Golemon's book "Extending and Embedding PHP".
The meanings of the various callback return codes are listed
on page 99 and the text suggests they can all be used by
all the hash_apply_* functions. No comments in code or online documentation on php.net suggest otherwise.

The test case below uses zend_hash_apply() but the defect, if indeed it is a defect, exists in all 3 zend_hash_apply functions; namely:

    ZEND_API void zend_hash_apply(HashTable *ht,
                      apply_func_t apply_func TSRMLS_DC);
    ZEND_API void zend_hash_apply_with_argument(
                      HashTable *ht, 
                      apply_func_arg_t apply_func,
                      void * TSRMLS_DC);
    ZEND_API void zend_hash_apply_with_arguments(
                      HashTable *ht, 
                      apply_func_args_t apply_func, 
                      int numargs, ...); 

All 3 functions delete the current entry on a non-zero
return from the "apply_func".

I have reviewed the open defects and can see no defect which
covers the reported behaviour. 

I have tried the latest snap-shot build for Windows which at the time was "Oct 31, 2006 09:30 GMT" phpinfo() shows PHP version as "Version => 5.2.1-dev". 

Problem also persists in latest checked in version of file in CVS.

Andy Wharmby
IBM United Kingdom Limited





Reproduce code:
---------------
Reproduce code is posted here: 

                  http://pastebin.ca/230657

Possible fix to zend_hash.c posted here: 
 
                  http://pastebin.ca/230668

Expected result:
----------------
Test 1: zend_hash_apply with stop colour red
Stop_on_red called for element: orange
Stop_on_red called for element: green
Stop_on_red called for element: blue
Stop_on_red called for element: red
Array contents after test:  orange green blue red yellow purple indigo
TEST 1 PASSED


Test 2: zend_hash_apply_with_argument with stop colour prurple
Stop_on_colour called for element:orange
Stop_on_colour called for element:green
Stop_on_colour called for element:blue
Stop_on_colour called for element:red
Stop_on_colour called for element:yellow
Stop_on_colour called for element:purple
Array contents after test:  orange green blue red yellow purple indigo
TEST 2 PASSED


Test 3: zend_hash_apply_with_arguments with stop colours yellow and black
Stop_on_either_colour called for element: orange
Stop_on_either_colour called for element: green
Stop_on_either_colour called for element: blue
Stop_on_either_colour called for element: red
Stop_on_either_colour called for element: yellow
Array contents after test:  orange green blue red yellow purple indigo
TEST 3 PASSED

Actual result:
--------------
Test 1: zend_hash_apply with stop colour red
Stop_on_red called for element: orange
Stop_on_red called for element: green
Stop_on_red called for element: blue
Stop_on_red called for element: red
Stop_on_red called for element: yellow
Stop_on_red called for element: purple
Stop_on_red called for element: indigo
Array contents after test:  orange green blue yellow purple indigo
TEST 1 FAILED


Test 2: zend_hash_apply_with_argument with stop colour  prurple
Stop_on_colour called for element:orange
Stop_on_colour called for element:green
Stop_on_colour called for element:blue
Stop_on_colour called for element:red
Stop_on_colour called for element:yellow
Stop_on_colour called for element:purple
Stop_on_colour called for element:indigo
Array contents after test:  orange green blue red yellow indigo
TEST 2 FAILED


Test 3: zend_hash_apply_with_arguments with stop colours yellow and black
Stop_on_either_colour called for element: orange
Stop_on_either_colour called for element: green
Stop_on_either_colour called for element: blue
Stop_on_either_colour called for element: red
Stop_on_either_colour called for element: yellow
Stop_on_either_colour called for element: purple
Stop_on_either_colour called for element: indigo
Array contents after test:  orange green blue red purple indigo
TEST 3 FAILED


The actual results show that ZEND_HASH_APPLY_STOP is being
interpreted as ZEND_HASH_APPLY_REMOVE in all 3 cases; in all
cases the stop colour is being removed and the call-back 
routine is being called for ALL elements of subject hash 
table.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-31 22:06 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Might get fixed later in 5.2
 [2006-11-03 19:05 UTC] helly@php.net
Fixed in 5.2.1
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 19:01:51 2014 UTC