Edit report at http://bugs.php.net/bug.php?id=52237&edit=1
ID: 52237 Updated by: [email protected] Reported by: sfera7512 at yahoo dot com Summary: Crash when passing the reference of the property of a non-object Status: Assigned Type: Bug Package: Reproducible crash Operating System: All PHP Version: 5.2, 5.3, trunk Assigned To: dmitry New Comment: The issue is that $data->info actually pointers to EG(error_zval_ptr) because $data is not empty, thus no object is created. Previous Comments: ------------------------------------------------------------------------ [2010-07-03 00:07:38] [email protected] This is a common problem with variable converted internally to object and passing an inexistent property to function that expects reference. e.g. <?php $data = 'test'; preg_match('//', '', $data->info); Warning: Attempt to modify property of non-object in /home/felipe/dev/bug.php on line 4 [Fri Jul 2 19:06:18 2010] Script: '../bug.php' /home/felipe/dev/php5/ext/pcre/php_pcre.c(543) : Freeing 0x0891D378 (44 bytes), script=../bug.php /home/felipe/dev/php5/Zend/zend_API.c(957) : Actual location (location was relayed) Last leak repeated 1 time [Fri Jul 2 19:06:18 2010] Script: '../bug.php' /home/felipe/dev/php5/Zend/zend_API.c(1349) : Freeing 0x0891D51C (20 bytes), script=../bug.php [Fri Jul 2 19:06:18 2010] Script: '../bug.php' /home/felipe/dev/php5/Zend/zend_API.c(1350) : Freeing 0x0891D560 (1 bytes), script=../bug.php [Fri Jul 2 19:06:18 2010] Script: '../bug.php' /home/felipe/dev/php5/Zend/zend_API.c(1352) : Freeing 0x0891D594 (35 bytes), script=../bug.php /home/felipe/dev/php5/Zend/zend_hash.c(388) : Actual location (location was relayed) === Total 5 memory leaks detected === ------------------------------------------------------------------------ [2010-07-02 19:30:33] sfera7512 at yahoo dot com Description: ------------ > php5ts_debug.dll!zval_addref_p(_zval_struct * pz=0x034e1b73) Line 381 + 0x3 bytes C php5ts_debug.dll!zend_fetch_property_address(_temp_variable * result=0x028e3778, _zval_struct * * container_ptr=0x3d767c8c, _zval_struct * prop_ptr=0x3d529e48, int type=1, void * * * tsrm_ls=0x024c1b18) Line 1150 + 0x18 bytes C php5ts_debug.dll!ZEND_FETCH_OBJ_W_SPEC_VAR_CONST_HANDLER(_zend_execute_data * execute_data=0x028e3070, void * * * tsrm_ls=0x024c1b18) Line 10092 + 0x20 bytes C php5ts_debug.dll!execute(_zend_op_array * op_array=0x03161028, void * * * tsrm_ls=0x024c1b18) Line 107 + 0x11 bytes C php5ts_debug.dll!zend_execute_scripts(int type=8, void * * * tsrm_ls=0x024c1b18, _zval_struct * * retval=0x00000000, int file_count=3, ...) Line 1194 + 0x21 bytes C php5ts_debug.dll!php_execute_script(_zend_file_handle * primary_file=0x00c1fed8, void * * * tsrm_ls=0x024c1b18) Line 2260 + 0x1b bytes C php.exe!main(int argc=2, char * * argv=0x024c3f38) Line 1192 + 0x13 bytes C php.exe!__tmainCRTStartup() Line 586 + 0x19 bytes C php.exe!mainCRTStartup() Line 403 C kernel32.dll!763c3677() [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll] ntdll.dll!76f39d72() ntdll.dll!76f39d45() Test script: --------------- while (1) { $data = 'test'; parse_str($data,$data->info); } Expected result: ---------------- should throw Warning: Attempt to modify property of non-object Actual result: -------------- crash ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=52237&edit=1
