Bug #70547 unsetting function variables corrupts backtrace
Submitted: 2015-09-21 15:39 UTC Modified: 2015-09-21 19:16 UTC
From: classicScott at gmail dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 7.0.0RC3 OS: Ubuntu 14.04
Private report: No CVE-ID:
 [2015-09-21 15:39 UTC] classicScott at gmail dot com
Description:
------------
If an argument is `unset` inside of a function, it is also `unset` from the call stack and corrupts the argument array in the backtrace. This leads to a corrupt array that has a count > 0 and no elements within it. This happens with both debug_backtrace() and getTraceAsString() in the \Exception class.

Test script:
---------------
https://gist.github.com/terpfear/4adab63546659d1f3cab

Expected result:
----------------
Results obtained from php 5.5.9
array(2) {
  [0] =>
  string(6) "string"
  [1] =>
  string(13) "anything else"
}
	1) /home/scottf/sandbox/funsies/phpFun/php7BreakingArray.php(18): brokenTrace('string', 'anything else')

unsetting arg1
array(2) {
  [0] =>
  string(6) "string"
  [1] =>
  string(13) "anything else"
}
	1) /home/scottf/sandbox/funsies/phpFun/php7BreakingArray.php(18): brokenTrace('string', 'anything else')

unsetting arg2
array(2) {
  [0] =>
  string(6) "string"
  [1] =>
  string(13) "anything else"
}
	1) /home/scottf/sandbox/funsies/phpFun/php7BreakingArray.php(18): brokenTrace('string', 'anything else')


Actual result:
--------------
array(2) {
  [0]=>
  string(6) "string"
  [1]=>
  string(13) "anything else"
}
	1) /home/scottf/sandbox/funsies/phpFun/php7BreakingArray.php(18): brokenTrace('string', 'anything else')

unsetting arg1
array(2) {
  [1]=>
  string(13) "anything else"
}
	1) /home/scottf/sandbox/funsies/phpFun/php7BreakingArray.php(18): brokenTrace('anything else')

unsetting arg2
array(2) {
}
	1) /home/scottf/sandbox/funsies/phpFun/php7BreakingArray.php(18): brokenTrace()
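
The test script above is only linked, so the following is an added reproduction sketch and not the reporter's gist. It uses the `brokenTrace` function name visible in the output; `argsConsistent` is a hypothetical helper that checks whether `count()` matches the number of elements iteration can reach, the invariant that the `array(2) { }` result breaks. It also takes a copy of the arguments on entry, which stays intact for logging.

```php
<?php
// Added illustration, not the reporter's gist. brokenTrace() is the name seen
// in the report's output; argsConsistent() is a hypothetical helper.

// True when count() matches the number of elements iteration can reach.
// The report's "array(2) { }" output violates this invariant.
function argsConsistent(array $args)
{
    $reachable = 0;
    foreach ($args as $unused) {
        $reachable++;
    }
    return count($args) === $reachable;
}

function brokenTrace($arg1, $arg2)
{
    // Copy taken on entry, before anything is unset, for logging that
    // must show what the caller actually passed.
    $passed = func_get_args();

    $stages = [];
    $stages['initial'] = debug_backtrace()[0]['args'];
    unset($arg1);
    $stages['unsetting arg1'] = debug_backtrace()[0]['args'];
    unset($arg2);
    $stages['unsetting arg2'] = debug_backtrace()[0]['args'];

    foreach ($stages as $label => $args) {
        printf("%-15s count=%d consistent=%s\n", $label, count($args),
            argsConsistent($args) ? 'yes' : 'NO');
        var_dump($args);
    }

    // The report sees the same effect in the exception trace string.
    echo (new Exception())->getTraceAsString(), "\n";

    echo "copy taken on entry:\n";
    var_dump($passed);
}

brokenTrace('string', 'anything else');
```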


 [2015-09-21 16:58 UTC] bwoebi@php.net
-Status: Open +Status: Not a bug -Package: Performance problem +Package: Scripting Engine problem
 [2015-09-21 16:58 UTC] bwoebi@php.net
This actually is an intentional change as noted by
http://git.php.net/?p=php-src.git;a=blob;f=UPGRADING;h=aa5f82c49abf4e36476b328c2fc8820d4672c72a;hb=refs/heads/PHP-7.0#l190

Which is a performance optimization. So, just don't alter the passed args and you are fine. (Marking as Not a bug.)
 [2015-09-21 17:47 UTC] classicScott at gmail dot com
I believe there is still a bug in this example, separate from the defined behavior (Thank you for providing the link). After the parameters have been unset, the array size is still reporting 2. It does not make sense for an array to report it has 2 elements when it has 0. Trying to access those elements will create a notice: undefined offset.

https://gist.github.com/terpfear/e9fdc85e91c5c4da452e
 [2015-09-21 19:16 UTC] bwoebi@php.net
-Status: Not a bug +Status: Re-Opened
 [2015-09-21 19:16 UTC] bwoebi@php.net
Yes, that's indeed a bug, caused by this.

Thus re-opening.
 [2015-09-22 04:01 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e1dcfd2cf900995fba28866dfb52fa68171d1ab8
Log: Fixed bug #70547 (unsetting function variables corrupts backtrace)
 [2015-09-22 04:01 UTC] laruence@php.net
-Status: Re-Opened +Status: Closed
 [2015-09-22 06:02 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0f3ab1c2d03c27ebee0156cd8bfbb1c5721d9f32
Log: Fixed #70547 similar bug in func_get_args
 [2015-09-29 13:10 UTC] ab@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0f3ab1c2d03c27ebee0156cd8bfbb1c5721d9f32
Log: Fixed #70547 similar bug in func_get_args
 [2015-09-29 13:10 UTC] ab@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e1dcfd2cf900995fba28866dfb52fa68171d1ab8
Log: Fixed bug #70547 (unsetting function variables corrupts backtrace)
 [2016-07-20 11:36 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0f3ab1c2d03c27ebee0156cd8bfbb1c5721d9f32
Log: Fixed #70547 similar bug in func_get_args
 [2016-07-20 11:36 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e1dcfd2cf900995fba28866dfb52fa68171d1ab8
Log: Fixed bug #70547 (unsetting function variables corrupts backtrace)
 
Last updated: Tue Aug 29 15:01:52 2017 UTC