ID: 22836 Comment by: jseverson at myersinternet dot com Reported By: brunswim at seas dot upenn dot edu Status: Verified Bug Type: Scripting Engine problem Operating System: Debian Linux 2.4.18 PHP Version: 4.3.2-RC New Comment:
Same as bug <a href="http://bugs.php.net/bug.php?id=20583";>Bug 20583</a> I've posted a list of all bug reports I've found that seem to be related to this same php bug, 20583. Previous Comments: ------------------------------------------------------------------------ [2003-03-24 11:39:03] brunswim at seas dot upenn dot edu This seems similar to bug #22367 but causes problems more globally. Obviously, this is reproducible with a short script. In the following similar example, it may be more apparent that global corruption is taking place. <? function &f1() { return($a); } function f2() { $x = "bar"; $y = "bug!"; var_dump($x); print "<br>\n$x"; } $i =& f1(); $j =& f1(); f2(); ?> The output that I get is: NULL bug! So, after 2 references to uninitialized variables, everything behaves unpredictably. It is easy to see how this situation could occur in "real" code. In our case, we were building objects from a database select query. We were iterating through the rows and putting data in $a[]. When there were no rows, $a was never initialized, but it was extremely difficult to isolate the problem because other functions, across many files, were misbehaving due to this bug. ------------------------------------------------------------------------ [2003-03-24 04:29:46] [EMAIL PROTECTED] This problem has much to do with bug #22367. Assumed reason: unexpected change of EG(uninitialized_zval_ptr).. ------------------------------------------------------------------------ [2003-03-24 03:41:50] [EMAIL PROTECTED] I get same output plus these leaks: /usr/src/web/php/php4/Zend/zend_execute.c(436) : Freeing 0x0875A804 (4 bytes), script=t.php /usr/src/web/php/php4/Zend/zend_variables.c(111) : Actual location (location was relayed) /usr/src/web/php/php4/Zend/zend_execute.c(1702) : Freeing 0x0875A6EC (12 bytes), script=t.php ------------------------------------------------------------------------ [2003-03-24 01:45:41] brunswim at seas dot upenn dot edu For the record, the output I am getting for this script is: string(3) "foo" foo string(3) "foo" foo NULL foo NULL foo NULL foo NULL foo NULL foo NULL foo ------------------------------------------------------------------------ [2003-03-23 22:53:07] brunswim at seas dot upenn dot edu f() returns a reference to an uninitialized variable $a. In subsequent calls, this appears to corrupt the local variable $x. The following script demonstrates the problem. <? function &f() { $x = "foo"; var_dump($x); print "<br>\n$x<br>\n"; return($a); } for ($i = 0; $i < 8; $i++) { $h =& f(); } ?> On the third call to f(), $x prints fine but is reported to be NULL by var_dump(). Operations on $x will subsequently cause unexpected behavior. We can change the behavior of $x by adding the line: $y = "bar"; after the line: $x = "foo"; If we do this, printing $x returns "bar" but var_dump() still returns NULL. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=22836&edit=1
