ID: 42976
Updated by: [EMAIL PROTECTED]
Reported By: robin_fernandes at uk dot ibm dot com
-Status: Assigned
+Status: Closed
Bug Type: Reproducible crash
Operating System: *
PHP Version: 5.2.4
Assigned To: johannes
New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2007-10-15 18:03:58] felipensp at gmail dot com

GDB:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211603264 (LWP 6092)]
0x0826a03c in _zval_ptr_dtor (zval_ptr=0xbfae34c8)
    at /home/felipe/php5.2-200710131830/Zend/zend_execute_API.c:412
412 (*zval_ptr)->refcount--;

---------------------
Backtrace:
#0 0x0826a03c in _zval_ptr_dtor (zval_ptr=0xbfae34c8)
    at /home/felipe/php5.2-200710131830/Zend/zend_execute_API.c:412
#1 0x08156d72 in zim_reflection_class_newInstance (ht=1,
    return_value=0x847ef88, return_value_ptr=0x0, this_ptr=0x847eee0,
    return_value_used=0)
    at /home/felipe/php5.2-200710131830/ext/reflection/php_reflection.c:3452
#2 0x08294748 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfae375c)
    at /home/felipe/php5.2-200710131830/Zend/zend_vm_execute.h:200
#3 0x082937b9 in execute (op_array=0x847e540)
    at /home/felipe/php5.2-200710131830/Zend/zend_vm_execute.h:92
#4 0x082761f2 in zend_execute_scripts (type=8,
    retval=<value optimized out>, file_count=3)
    at /home/felipe/php5.2-200710131830/Zend/zend.c:1134
#5 0x08235251 in php_execute_script (primary_file=0xbfae5b1c)
    at /home/felipe/php5.2-200710131830/main/main.c:2003
#6 0x082eecf5 in main (argc=2, argv=0xbfae5c34)
    at /home/felipe/php5.2-200710131830/sapi/cli/php_cli.c:1140

------------------------------------------------------------------------

[2007-10-15 17:13:11] robin_fernandes at uk dot ibm dot com

Description:
------------
In some cases, ReflectionClass::newInstance() and
ReflectionClass::newInstanceArgs() can trigger a segmentation fault when
the constructor of the reflected class takes arguments by reference.
Tested on PHP 5.2.5-dev (cli) (built: Oct 15 2007 12:04:27) on Win XP.

Reproduce code:
---------------
<?php
Class C {
	function __construct(&$x) {
		$x = "x.changed";
	}
}

$x = "x.original";
new C($x); // OK
var_dump($x);

$rc = new ReflectionClass('C');
$x = "x.original";
$rc->newInstance($x); // causes crash
var_dump($x);
$x = "x.original";
$rc->newInstanceArgs(array($x)); // causes crash
var_dump($x);
?>

Expected result:
----------------
string(9) "x.changed"
string(9) "x.changed"
string(10) "x.original"

Actual result:
--------------
string(9) "x.changed"
*CRASH*


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=42976&edit=1
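
A defensive check for code that must run on builds without the fix, written for this page as an added example and not taken from the report or from the PHP sources: it uses ReflectionParameter::isPassedByReference() to spot by-reference constructors and refuses the reflective call described above. The function names byRefConstructorParams and guardedNewInstanceArgs and the two sample classes are assumptions made for illustration.

```php
<?php
// Added example, not part of the bug report. Sample classes are constructed.

// Names of constructor parameters declared by reference (empty array if none).
function byRefConstructorParams($className)
{
    $rc = new ReflectionClass($className);
    $ctor = $rc->getConstructor();
    if ($ctor === null) {
        return array();
    }
    $names = array();
    foreach ($ctor->getParameters() as $param) {
        if ($param->isPassedByReference()) {
            $names[] = '$' . $param->getName();
        }
    }
    return $names;
}

// Hypothetical wrapper: refuse the reflective call pattern from the report
// instead of reaching newInstanceArgs() with a by-reference constructor.
function guardedNewInstanceArgs($className, array $args)
{
    $byRef = byRefConstructorParams($className);
    if (count($byRef) > 0) {
        throw new InvalidArgumentException(
            "$className::__construct() takes " . implode(', ', $byRef) .
            " by reference; instantiate it directly with new"
        );
    }
    $rc = new ReflectionClass($className);
    return $rc->newInstanceArgs($args);
}

class ByRefCtor { function __construct(&$x) { $x = "x.changed"; } }
class ByValCtor { public $v; function __construct($x) { $this->v = $x; } }

foreach (array('ByRefCtor', 'ByValCtor') as $name) {
    try {
        $obj = guardedNewInstanceArgs($name, array("x.original"));
        echo "$name: created, v = {$obj->v}\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: refused, " . $e->getMessage() . "\n";
    }
}
```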
