- Fixed bug #32682 (ext/mssql: Error on module shutdown when called from
activescript). (Frank)
- Fixed bug #32674 (exception in iterator causes crash). (Dmitry)
+- Fixed bug #32660 (Assignment by reference causes crash when field access is
+ overloaded (__get)). (Dmitry)
- Fixed bug #32647 (Using register_shutdown_function() with invalid callback
can crash PHP). (Jani)
- Fixed bug #32615 (Segfault in replaceChild() using fragment when
--- /dev/null
+--TEST--
+Bug #32660 Assignment by reference causes crash when field access is overloaded (__get)
+--FILE--
+<?php
+class A
+{
+ public $q;
+
+ function __construct()
+ {
+ $this->q = 3;//array();
+ }
+
+ function __get($name)
+ {
+ return $this->q;
+ }
+}
+
+$a = new A;
+
+$b = "short";
+$c =& $a->whatever;
+$c = "long";
+print_r($a);
+$a->whatever =& $b;
+$b = "much longer";
+print_r($a);
+?>
+--EXPECTF--
+A Object
+(
+ [q] => long
+)
+
+Fatal error: Cannot assign by reference to overloaded object in %sbug32660.php on line 23
if (opline->op2.op_type == IS_VAR &&
!(*value_ptr_ptr)->is_ref &&
- opline->extended_value == ZEND_RETURNS_FUNCTION &&
- !EX_T(opline->op2.u.var).var.fcall_returned_reference) {
+ opline->extended_value == ZEND_RETURNS_FUNCTION &&
+ !EX_T(opline->op2.u.var).var.fcall_returned_reference) {
PZVAL_LOCK(*value_ptr_ptr); /* undo the effect of get_zval_ptr_ptr() */
zend_error(E_STRICT, "Only variables should be assigned by reference");
return zend_assign_handler(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
}
+ if (opline->op1.op_type == IS_VAR && EX_T(opline->op1.u.var).var.ptr_ptr == &EX_T(opline->op1.u.var).var.ptr) {
+ zend_error(E_ERROR, "Cannot assign by reference to overloaded object");
+ }
zend_assign_to_variable_reference(&opline->result, get_zval_ptr_ptr(&opline->op1, EX(Ts), BP_VAR_W), value_ptr_ptr, EX(Ts) TSRMLS_CC);
projects / php / commitdiff