Edit report at http://bugs.php.net/bug.php?id=51758&edit=1

 ID:               51758
 Updated by:       [email protected]
 Reported by:      [email protected]
 Summary:          zend_object_handlers.h prescribes incorrect behavior
                   of write property handler
 Status:           Feedback
 Type:             Bug
 Package:          Class/Object related
 Operating System: Not applicable
 PHP Version:      5.3.2

 New Comment:

Usually in zend_object.properties hash table. This is the code executed
if the hash table lookup is successful (otherwise there's a fallback to
__set) and the zval* stored is different from the one passed:



if (PZVAL_IS_REF(*variable_ptr)) {
        zval garbage = **variable_ptr; /* old value should be destroyed */

        /* To check: can't *variable_ptr be some system variable like error_zval here? */
        Z_TYPE_PP(variable_ptr) = Z_TYPE_P(value);
        (*variable_ptr)->value = value->value;
        if (Z_REFCOUNT_P(value) > 0) {
                zval_copy_ctor(*variable_ptr);
        }
        zval_dtor(&garbage);
} else {
        zval *garbage = *variable_ptr;

        /* if we assign referenced variable, we should separate it */
        Z_ADDREF_P(value);
        if (PZVAL_IS_REF(value)) {
                SEPARATE_ZVAL(&value);
        }
        *variable_ptr = value;
        zval_ptr_dtor(&garbage);
}

As you can see, the reference count is changed.


Previous Comments:
------------------------------------------------------------------------
[2010-05-12 09:39:57] [email protected]

Where's the value modified in zend_std_write_property()?

------------------------------------------------------------------------
[2010-05-06 20:47:08] [email protected]

I also have some doubts about the accuracy of the first part (you may
only modify it if its reference count is 1). Why 1? Since
zend_std_write_property increments the refcount before storing the zval
in the hash table, it would make more sense if it read "...its reference
count is 0". Together with the issue raised in the body of the bug report, it
makes me think perhaps this comment was written thinking the refcount
would be incremented before the call to write_property.

------------------------------------------------------------------------
[2010-05-06 20:40:04] [email protected]

Description:
------------
zend_object_handlers.h reads (line 39):

/* The following rule applies to write_property() and write_dimension() implementations:
   If you receive a value zval in write_property/write_dimension, you may only modify it if
   its reference count is 1.  Otherwise, you must create a copy of that zval before making
   any changes.  You should NOT modify the reference count of the value passed to you. */


Perhaps I'm reading the last phrase out of context, but
zend_std_write_property() changes the reference count of the passed
value in multiple places.

Test script:
---------------
Not applicable.

Expected result:
----------------
Expected either no prescription for the refcount of the passed value not
to be changed or the refcount of the passed value actually not be
changed.

Actual result:
--------------
The implementation and the header prescription are inconsistent.


------------------------------------------------------------------------
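
Added example, not part of the bug report or of the Zend Engine source: a simplified C model of the store logic quoted in the newest comment, showing which combinations of slot and value leave the caller's reference count on the passed value changed. The `tzval` type, the `tz_*` helpers and `refcount_after_write` are hypothetical stand-ins with an integer-only payload.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a PHP 5.3 zval: integer payload only (assumption). */
typedef struct { long val; unsigned refcount; int is_ref; } tzval;

static tzval *tz_new(long v, int is_ref) {
    tzval *z = malloc(sizeof *z);
    if (!z) abort();
    z->val = v; z->refcount = 1; z->is_ref = is_ref;
    return z;
}

/* Models zval_ptr_dtor: drop one reference, free when none remain. */
static void tz_release(tzval *z) { if (--z->refcount == 0) free(z); }

/* Models SEPARATE_ZVAL: if shared, give up our reference and take a private copy. */
static void tz_separate(tzval **pz) {
    tzval *orig = *pz;
    if (orig->refcount > 1) {
        orig->refcount--;
        *pz = tz_new(orig->val, 0);
    }
}

/* Models the quoted store into an existing property slot. */
static void tz_write_slot(tzval **slot, tzval *value) {
    if ((*slot)->is_ref) {
        (*slot)->val = value->val;      /* overwrite in place; value's refcount untouched */
    } else {
        tzval *garbage = *slot;
        value->refcount++;              /* Z_ADDREF_P(value) */
        if (value->is_ref) tz_separate(&value);
        *slot = value;                  /* slot holds value itself, or its private copy */
        tz_release(garbage);
    }
}

/* Refcount the caller observes on `value` after one write; it was 1 before. */
static unsigned refcount_after_write(int slot_is_ref, int value_is_ref) {
    tzval *slot = tz_new(0, slot_is_ref), *value = tz_new(42, value_is_ref);
    tz_write_slot(&slot, value);
    unsigned rc = value->refcount;
    tz_release(slot); tz_release(value); /* correct even when slot == value */
    return rc;
}

int main(void) {
    printf("plain slot, plain value: %u\n", refcount_after_write(0, 0));
    return 0;
}
```

In this model only the plain-slot, plain-value case raises the caller's count; the reference cases add and then give back the extra reference or never take one.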


