php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46380 incorrect reference counting in "=&new".
Submitted: 2008-10-24 13:40 UTC Modified: 2008-11-04 01:00 UTC
From: marek dot miska at netart dot pl Assigned: dmitry (profile)
Status: No Feedback Package: Reproducible crash
PHP Version: 5.2.6 OS: linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2008-10-24 13:40 UTC] marek dot miska at netart dot pl
Description:
------------
Incorrect reference counting in:
ZEND_VM_HANDLER(39, ZEND_ASSIGN_REF, VAR|CV, VAR|CV)
refcount is decremented twice.

(In short: ZEND_RETURNS_FUNCTION for "new" is missing).

It's fixed in 5.3.0alpha1 with ZEND_RETURNS_NEW.
But it will be nice to have it also in stable version.

Reproduce code:
---------------
<?
class A{
	function A() {
		global $g;
		$g[0] = $g[1] = $this;
	}

	function __destruct() { }
}

$g = array();

for($i=0; $i<1000; ++$i)
{
	$a =& new A;
}
?>

Expected result:
----------------
Exit without any errors.

Actual result:
--------------
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-24 15:40 UTC] jani@php.net
Dmitry, can you check this out please?
 [2008-10-24 15:41 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

Actually your script does not crash with latest CVS snapshot of PHP_5_2 branch.
 [2008-10-27 10:52 UTC] dmitry@php.net
I don't see any memory errors on this script with PHP_5_2 too.
 [2008-11-04 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 19:01:29 2024 UTC