|
sponsored links |
|
|
sponsored links
|
|
1
10th August 23:48
External User
Posts: 1
|
#36567 : $obj->arr with __set/__get cause data corrupted without any warning
From: xuefer at gmail dot com
Operating system: gentoo PHP version: 5CVS-2006-03-01 (CVS) PHP Bug Type: Scripting Engine problem Bug description: $obj->arr[] with __set/__get cause data corrupted without any warning Description: ------------ yeah, i know using "$obj->arr[]" with __set/__get, the result is undefined. but shouldn't it be denied? because it's causing really bad side effect now... and hard to debug if there's no warning. it's hard to know the instance $obj will be used as $obj->arr[] = ''; else where, if the project is big enough, while u implement __set/__get for classes happily relatived bug: http://bugs.php.net/bug.php?id=33941 Reproduce code: --------------- <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { echo "get $key\n"; return $this->vars[$key]; } public function __set($key, $value) { echo "set $key to $value \n"; $this->vars[$key] = $value; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->test[0] = 'modified'; var_dump($vars); ?> to reproduce the leak in http://bugs.php.net/bug.php?id=33941 <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { return $this->vars[$key]; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->undefined[0] = 'modified'; ?> Notice: Undefined index: undefined in /tmp/test.php on line 12 [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_variables.h(45) : Freeing 0x08765E2C (9 bytes), script=.//test.php /usr/src/php5/Zend/zend_variables.c(120) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1020) : Freeing 0x0877BACC (35 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(383) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1076) : Freeing 0x0877BA7C (32 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(169) : Actual location (location was relayed) Last leak repeated 1 time [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(842) : Freeing 0x0877B9DC (16 bytes), script=.//test.php [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1072) : Freeing 0x0877B88C (16 bytes), script=.//test.php Expected result: ---------------- output array(1) { ["test"]=> array(1) { [0]=> string(0) "" } } and just don't call __get/__set, raising a warning Actual result: -------------- get test array(1) { ["test"]=> array(1) { [0]=> string(8) "modified" } } -- Edit bug report at http://bugs.php.net/?id=36567&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=36567&r=trysnapshot44 Try a CVS snapshot (PHP 5.1): http://bugs.php.net/fix.php?id=36567&r=trysnapshot51 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=36567&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=36567&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=36567&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=36567&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=36567&r=needscript Try newer version: http://bugs.php.net/fix.php?id=36567&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=36567&r=support Expected behavior: http://bugs.php.net/fix.php?id=36567&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=36567&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=36567&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=36567&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=36567&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=36567&r=dst IIS Stability: http://bugs.php.net/fix.php?id=36567&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=36567&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=36567&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=36567&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=36567&r=mysqlcfg |
|
|
|
2
11th August 03:41
External User
Posts: 1
|
#36567 : $obj->arr with __set/__get cause data corrupted without any warning
ID: 36567
Updated by: tony2001@php.net Reported By: xuefer at gmail dot com -Status: Open +Status: Assigned Bug Type: Scripting Engine problem Operating System: gentoo PHP Version: 5CVS-2006-03-01 (CVS) -Assigned To: +Assigned To: dmitry New Comment: Dmitry, could you please look into this? Previous Comments: ------------------------------------------------------------------------ [2006-03-01 12:13:07] xuefer at gmail dot com Description: ------------ yeah, i know using "$obj->arr[]" with __set/__get, the result is undefined. but shouldn't it be denied? because it's causing really bad side effect now... and hard to debug if there's no warning. it's hard to know the instance $obj will be used as $obj->arr[] = ''; else where, if the project is big enough, while u implement __set/__get for classes happily relatived bug: http://bugs.php.net/bug.php?id=33941 Reproduce code: --------------- <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { echo "get $key\n"; return $this->vars[$key]; } public function __set($key, $value) { echo "set $key to $value \n"; $this->vars[$key] = $value; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->test[0] = 'modified'; var_dump($vars); ?> to reproduce the leak in http://bugs.php.net/bug.php?id=33941 <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { return $this->vars[$key]; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->undefined[0] = 'modified'; ?> Notice: Undefined index: undefined in /tmp/test.php on line 12 [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_variables.h(45) : Freeing 0x08765E2C (9 bytes), script=.//test.php /usr/src/php5/Zend/zend_variables.c(120) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1020) : Freeing 0x0877BACC (35 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(383) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1076) : Freeing 0x0877BA7C (32 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(169) : Actual location (location was relayed) Last leak repeated 1 time [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(842) : Freeing 0x0877B9DC (16 bytes), script=.//test.php [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1072) : Freeing 0x0877B88C (16 bytes), script=.//test.php Expected result: ---------------- output array(1) { ["test"]=> array(1) { [0]=> string(0) "" } } and just don't call __get/__set, raising a warning Actual result: -------------- get test array(1) { ["test"]=> array(1) { [0]=> string(8) "modified" } } ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=36567&edit=1 |
|
|
|
3
23rd August 14:35
External User
Posts: 1
|
#36567 : $obj->arr with __set/__get cause data corrupted without any warning
ID: 36567
Updated by: tony2001@php.net Reported By: xuefer at gmail dot com -Status: Assigned +Status: Closed Bug Type: Scripting Engine problem Operating System: gentoo PHP Version: 5CVS-2006-03-01 (CVS) Assigned To: dmitry New Comment: Not reproducible with 5.2-CVS. Previous Comments: ------------------------------------------------------------------------ [2006-03-02 15:43:11] tony2001@php.net Dmitry, could you please look into this? ------------------------------------------------------------------------ [2006-03-01 12:13:07] xuefer at gmail dot com Description: ------------ yeah, i know using "$obj->arr[]" with __set/__get, the result is undefined. but shouldn't it be denied? because it's causing really bad side effect now... and hard to debug if there's no warning. it's hard to know the instance $obj will be used as $obj->arr[] = ''; else where, if the project is big enough, while u implement __set/__get for classes happily relatived bug: http://bugs.php.net/bug.php?id=33941 Reproduce code: --------------- <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { echo "get $key\n"; return $this->vars[$key]; } public function __set($key, $value) { echo "set $key to $value \n"; $this->vars[$key] = $value; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->test[0] = 'modified'; var_dump($vars); ?> to reproduce the leak in http://bugs.php.net/bug.php?id=33941 <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { return $this->vars[$key]; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->undefined[0] = 'modified'; ?> Notice: Undefined index: undefined in /tmp/test.php on line 12 [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_variables.h(45) : Freeing 0x08765E2C (9 bytes), script=.//test.php /usr/src/php5/Zend/zend_variables.c(120) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1020) : Freeing 0x0877BACC (35 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(383) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1076) : Freeing 0x0877BA7C (32 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(169) : Actual location (location was relayed) Last leak repeated 1 time [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(842) : Freeing 0x0877B9DC (16 bytes), script=.//test.php [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1072) : Freeing 0x0877B88C (16 bytes), script=.//test.php Expected result: ---------------- output array(1) { ["test"]=> array(1) { [0]=> string(0) "" } } and just don't call __get/__set, raising a warning Actual result: -------------- get test array(1) { ["test"]=> array(1) { [0]=> string(8) "modified" } } ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=36567&edit=1 |
|
|
|
Linear Mode
