php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48221 memory leak when passing invalid xslt parameter
Submitted: 2009-05-10 13:43 UTC Modified: 2009-05-10 15:17 UTC
From: cweiske@php.net Assigned:
Status: Closed Package: XSLT related
PHP Version: 5.3.0RC2 OS: Linux
Private report: No CVE-ID: None
 [2009-05-10 13:43 UTC] cweiske@php.net
Description:
------------
One is able to pass invalid parameters to XSLTProcessor::setParameter. In this case, not all memory gets freed in ext/xsl/xsltprocessor.c::php_xsl_xslt_make_params since the values don't get filled and the array seems to be empty (NULL values).

Reproduce code:
---------------
--TEST--
Check xsltprocessor::setparameter error handling with both single and double quotes
--SKIPIF--
<?php
        if (!extension_loaded('xsl')) {
                die("skip\n");
        }
?>
--FILE--
<?php
include('prepare.inc');
$proc->importStylesheet($xsl);
$proc->setParameter('', '', '"\'');
$proc->transformToXml($dom);
--EXPECTF--
Warning: XSLTProcessor::transformToXml(): Cannot create XPath expression (string contains both
--CREDITS--
Christian Weiske, cweiske@php.net
PHP Testfest Berlin 2009-05-09


Actual result:
--------------
[Sun May 10 15:20:40 2009]  Script:  '/home/cweiske/Dev/cvs/php/testfest/tests/xsl/php_xsl_xslt_string_to_xpathexpr.php'
/home/cweiske/Dev/cvs/php/php-5.3.0RC2/Zend/zend_hash.c(1118) :  Freeing 0x0188D558 (1 bytes), script=/home/cweiske/Dev/cvs/php/testfest/tests/xsl/php_xsl_xslt_string_to_xpathexpr.php
=== Total 1 memory leaks detected ===

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-05-10 15:17 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD. Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 08:01:29 2024 UTC