php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69212 Leaking VIA_HANDLER func when exception thrown in __call/... arg passing
Submitted: 2015-03-10 13:56 UTC Modified: -
From: nikic@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.5.22 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: nikic@php.net
New email:
PHP Version: OS:

 

 [2015-03-10 13:56 UTC] nikic@php.net
Description:
------------
Script:

<?php

class Test {
    public static function __callStatic($method, $args) {}
}

function do_throw() { throw new Exception; }

try {
    Test::foo(do_throw());
} catch (Exception $e) {
    echo $e, "\n";
}

Output (valgrind):

exception 'Exception' in /home/nikic/php-5.6/t004.php:7
Stack trace:
#0 /home/nikic/php-5.6/t004.php(10): do_throw()
#1 {main}
==3036== 
==3036== HEAP SUMMARY:
==3036==     in use at exit: 76 bytes in 2 blocks
==3036==   total heap usage: 14,602 allocs, 14,600 frees, 3,148,477 bytes allocated
==3036== 
==3036== 76 (72 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2
==3036==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3036==    by 0x7D7983: _emalloc (zend_alloc.c:2427)
==3036==    by 0x84668E: zend_get_user_callstatic_function (zend_object_handlers.c:1137)
==3036==    by 0x846A2A: zend_std_get_static_method (zend_object_handlers.c:1192)
==3036==    by 0x857699: ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (zend_vm_execute.h:3596)
==3036==    by 0x84FCB6: execute_ex (zend_vm_execute.h:363)
==3036==    by 0x84FD3F: zend_execute (zend_vm_execute.h:388)
==3036==    by 0x810E00: zend_execute_scripts (zend.c:1327)
==3036==    by 0x779E7A: php_execute_script (main.c:2525)
==3036==    by 0x8BFAB4: do_cli (php_cli.c:994)
==3036==    by 0x8C0DE2: main (php_cli.c:1378)

We don't three the ZEND_ACC_CALL_VIA_HANDLER temp function. Applies to __call, __callStatic and probably Closure __invoke.

Reproducible in PHP 5.5, PHP 5.6 and PHP 7.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-10 17:26 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bc9f2fb8dfadc1dba4264695ded28f673c54dc75
Log: Fixed bug #69212
 [2015-03-10 17:26 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 17:01:29 2024 UTC