- Fixed bug in mysqli extension with unsigned int(11) being represented as
signed integer in PHP instead of string in 32bit systems. (Andrey)
- Fixed initializing and argument checking for posix_mknod(). (Derick)
+- Fixed bug #35239 (Objects can lose references). (Dmitry)
- Fixed bug #35229 (call_user_func() crashes when arguement_stack is nearly
full). (Dmitry)
- Fixed bug #35197 (Destructor is not called). (Tony)
--- /dev/null
+--TEST--
+Bug #35239 (Objects can lose references)
+--FILE--
+<?php
+$a = new stdClass;
+$a->x0 = new stdClass;
+$a->x0->y0 = 'a';
+$a->x0->y1 =& $a->x0;
+$a->x0->y2 =& $a->x0;
+$a->x0->y0 = 'b';
+var_dump($a);
+$a->x0->y1 = "ok\n";
+echo $a->x0;
+?>
+--EXPECT--
+object(stdClass)#1 (1) {
+ ["x0"]=>
+ &object(stdClass)#2 (3) {
+ ["y0"]=>
+ string(1) "b"
+ ["y1"]=>
+ &object(stdClass)#2 (3) {
+ ["y0"]=>
+ string(1) "b"
+ ["y1"]=>
+ *RECURSION*
+ ["y2"]=>
+ *RECURSION*
+ }
+ ["y2"]=>
+ &object(stdClass)#2 (3) {
+ ["y0"]=>
+ string(1) "b"
+ ["y1"]=>
+ *RECURSION*
+ ["y2"]=>
+ *RECURSION*
+ }
+ }
+}
+ok
return;
}
- if ((type==BP_VAR_W || type==BP_VAR_RW) && container->refcount>1 && !PZVAL_IS_REF(container)) {
- SEPARATE_ZVAL(container_ptr);
- container = *container_ptr;
- }
-
if (Z_OBJ_HT_P(container)->get_property_ptr_ptr) {
zval **ptr_ptr = Z_OBJ_HT_P(container)->get_property_ptr_ptr(container, prop_ptr TSRMLS_CC);
if(NULL == ptr_ptr) {
/* if we are assigning reference, we shouldn't move it, but instead assign variable
to the same pointer */
if (PZVAL_IS_REF(*variable_ptr)) {
- zval_dtor(*variable_ptr); /* old value should be destroyed */
+ zval garbage = **variable_ptr; /* old value should be destroyed */
+
/* To check: can't *variable_ptr be some system variable like error_zval here? */
(*variable_ptr)->type = value->type;
(*variable_ptr)->value = value->value;
if (value->refcount>0) {
zval_copy_ctor(*variable_ptr);
}
+ zval_dtor(&garbage);
setter_done = 1;
}
}
projects / php / commitdiff