php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54013 ReflectionParam for duplicate parameter contains garbage
Submitted: 2011-02-14 14:52 UTC Modified: 2011-02-18 00:25 UTC
From: arjen at react dot nl Assigned: felipe (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3.5 OS:
Private report: No CVE-ID: None
 [2011-02-14 14:52 UTC] arjen at react dot nl
Description:
------------
ReflectionParam object for 2nd parameter contains random value for name property.

Test script:
---------------
<?php

class a
{
        function b($a, $a)
        {
                $params = func_get_args();
                var_dump($params, $a);
        }
}


$c = new a;
$c->b('waa?', 'meukee!');

$reflectionClass = new ReflectionClass($c);
$params = $reflectionClass->getMethod('b')->getParameters();

var_dump($params);

Expected result:
----------------
array
  0 => string 'waa?' (length=4)
  1 => string 'meukee!' (length=7)

string 'meukee!' (length=7)

array
  0 => &
    object(ReflectionParameter)[4]
      public 'name' => string 'a' (length=1)
  1 => &
    object(ReflectionParameter)[5]
      public 'name' => string 'a' (length=1)


or exception/error..

Actual result:
--------------
array
  0 => string 'waa?' (length=4)
  1 => string 'meukee!' (length=7)

string 'meukee!' (length=7)

array
  0 => &
    object(ReflectionParameter)[4]
      public 'name' => string 'a' (length=1)
  1 => &
    object(ReflectionParameter)[5]
      public 'name' => string '<<insert random byte here>>' (length=1)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-14 14:52 UTC] arjen at react dot nl
Related to http://bugs.php.net/bug.php?id=43512
 [2011-02-14 15:52 UTC] cataphract@php.net
-Package: Reflection related +Package: Scripting Engine problem
 [2011-02-14 15:52 UTC] cataphract@php.net
This appears to be unrelated to reflection. Omitting the reflection part, valgrind says:

==6643== Invalid read of size 1
==6643==    at 0x4C25FF8: memcpy (mc_replace_strmem.c:497)
==6643==    by 0x6A8717: _estrndup (zend_alloc.c:2497)
==6643==    by 0x6B5D18: zend_do_receive_arg (zend_compile.c:1512)
==6643==    by 0x696369: zendparse (zend_language_parser.y:457)
==6643==    by 0x6A04F1: compile_file (zend_language_scanner.l:364)
==6643==    by 0x566250: phar_compile_file (phar.c:3393)
==6643==    by 0x6C43D8: zend_execute_scripts (zend.c:1186)
==6643==    by 0x671DC6: php_execute_script (main.c:2268)
==6643==    by 0x74EA6A: main (php_cli.c:1193)
==6643==  Address 0x6fe0470 is 0 bytes inside a block of size 2 free'd
==6643==    at 0x4C240FD: free (vg_replace_malloc.c:366)
==6643==    by 0x6ACD95: lookup_cv (zend_compile.c:273)
==6643==    by 0x6AED32: fetch_simple_variable_ex (zend_compile.c:388)
==6643==    by 0x69632B: zendparse (zend_language_parser.y:457)
==6643==    by 0x6A04F1: compile_file (zend_language_scanner.l:364)
==6643==    by 0x566250: phar_compile_file (phar.c:3393)
==6643==    by 0x6C43D8: zend_execute_scripts (zend.c:1186)
==6643==    by 0x671DC6: php_execute_script (main.c:2268)
==6643==    by 0x74EA6A: main (php_cli.c:1193)
==6643==
 [2011-02-18 00:25 UTC] felipe@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe
 [2011-02-18 00:25 UTC] felipe@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Nov 18 20:01:35 2019 UTC