Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:844 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 46558 invoked from network); 10 Apr 2003 20:44:53 -0000 Received: from unknown (HELO longsword.omniti.com) (66.80.117.3) by pb1.pair.com with SMTP; 10 Apr 2003 20:44:53 -0000 Received: from ip-66-80-117-2.nyc.megapath.net ([66.80.117.2] helo=maya.local.) by longsword.omniti.com with asmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.36 #9) id 193iuT-0005dY-00 for internals@lists.php.net; Thu, 10 Apr 2003 16:44:37 -0400 Date: Thu, 10 Apr 2003 16:46:08 -0400 Mime-Version: 1.0 (Apple Message framework v543) Content-Type: text/plain; charset=US-ASCII; format=flowed To: internals@lists.php.net Content-Transfer-Encoding: 7bit Message-ID: <75071E79-6B95-11D7-96AD-000393B2B3C0@omniti.com> X-Mailer: Apple Mail (2.543) Subject: ze1 question (bug 23132) From: george@omniti.com (George Schlossnagle) I'm trying to track down a ze1 bug for edin: http://bugs.php.net/bug.php?id=23132 What's happening is that under certain conditions (like the testcase in the bug) Variables passed by reference into a function are being reference counted in ZEND_RECV (correct), but not being dereferenced when the function ends and their copy-pointer falls out of scope. In the test case this is done in a loop, which eventually causes the zvals refcount to overflow causing it to be accidentally garbage collected, causing a segfault. I've found and witnessed all of the above, but I'm not sure where the variables should be deref'd when the function ends. Any pointers from anyone in the know?