From: xuefer at gmail dot com Operating system: gentoo PHP version: 5CVS-2006-03-01 (CVS) PHP Bug Type: Scripting Engine problem Bug description: $obj->arr[] with __set/__get cause data corrupted without any warning
Description: ------------ yeah, i know using "$obj->arr[]" with __set/__get, the result is undefined. but shouldn't it be denied? because it's causing really bad side effect now... and hard to debug if there's no warning. it's hard to know the instance $obj will be used as $obj->arr[] = ''; else where, if the project is big enough, while u implement __set/__get for classes happily relatived bug: http://bugs.php.net/bug.php?id=33941 Reproduce code: --------------- <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { echo "get $key\n"; return $this->vars[$key]; } public function __set($key, $value) { echo "set $key to $value \n"; $this->vars[$key] = $value; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->test[0] = 'modified'; var_dump($vars); ?> to reproduce the leak in http://bugs.php.net/bug.php?id=33941 <?php class test { private $vars; public function __construct($vars) { $this->vars = $vars; } public function __get($key) { return $this->vars[$key]; } } $vars = array('test' => array(0 => "")); $obj = new test($vars); $obj->undefined[0] = 'modified'; ?> Notice: Undefined index: undefined in /tmp/test.php on line 12 [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_variables.h(45) : Freeing 0x08765E2C (9 bytes), script=.//test.php /usr/src/php5/Zend/zend_variables.c(120) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1020) : Freeing 0x0877BACC (35 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(383) : Actual location (location was relayed) [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1076) : Freeing 0x0877BA7C (32 bytes), script=.//test.php /usr/src/php5/Zend/zend_hash.c(169) : Actual location (location was relayed) Last leak repeated 1 time [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(842) : Freeing 0x0877B9DC (16 bytes), script=.//test.php [Wed Mar 1 19:08:25 2006] Script: './/test.php' /usr/src/php5/Zend/zend_execute.c(1072) : Freeing 0x0877B88C (16 bytes), script=.//test.php Expected result: ---------------- output array(1) { ["test"]=> array(1) { [0]=> string(0) "" } } and just don't call __get/__set, raising a warning Actual result: -------------- get test array(1) { ["test"]=> array(1) { [0]=> string(8) "modified" } } -- Edit bug report at http://bugs.php.net/?id=36567&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=36567&r=trysnapshot44 Try a CVS snapshot (PHP 5.1): http://bugs.php.net/fix.php?id=36567&r=trysnapshot51 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=36567&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=36567&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=36567&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=36567&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=36567&r=needscript Try newer version: http://bugs.php.net/fix.php?id=36567&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=36567&r=support Expected behavior: http://bugs.php.net/fix.php?id=36567&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=36567&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=36567&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=36567&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=36567&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=36567&r=dst IIS Stability: http://bugs.php.net/fix.php?id=36567&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=36567&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=36567&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=36567&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=36567&r=mysqlcfg
