PHP :: Bug #73612 :: preg_*() may leak memory

Bug #73612	preg_*() may leak memory
Submitted:	2016-11-26 14:12 UTC	Modified:	2016-11-26 14:25 UTC
From:	cmb@php.net	Assigned:	cmb (profile)
Status:	Closed	Package:	PCRE related
PHP Version:	7.0Git-2016-11-26 (Git)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cmb@php.net
New email:
PHP Version:		OS:

New Comment:

[2016-11-26 14:12 UTC] cmb@php.net

Description:
------------
As has been pointed out by Nikita[1], as of PHP 7.0.0 zval_dtor()
is actually the same as zval_ptr_dtor_nogc(). Therefore
preg_match() and some other PCRE functions may leak memory if
objects are passed as $matches and $count, respectively.

[1] <http://news.php.net/php.internals/97197>


Test script:
---------------
<?php

$obj = new stdClass;
$obj->obj = $obj;
preg_match('/./', 'x', $obj);

$obj = new stdClass;
$obj->obj = $obj;
preg_replace('/./', '', 'x', -1, $obj);

$obj = new stdClass;
$obj->obj = $obj;
preg_replace_callback('/./', 'array_merge', 'x', -1, $obj);

$obj = new stdClass;
$obj->obj = $obj;
preg_replace_callback_array(['/./' => 'array_merge'], 'x', -1, $obj);

$obj = new stdClass;
$obj->obj = $obj;
preg_filter('/./', '', 'x', -1, $obj);


Actual result:
--------------
[Sat Nov 26 14:03:38 2016]  Script:  '/vagrant/leak.php'
/vagrant/php-src/Zend/zend_objects.c(162) :  Freeing 0x7FF12465ECD0 (40 bytes), script=/vagrant/leak.php
Last leak repeated 4 times
=== Total 5 memory leaks detected ===

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-11-26 14:25 UTC] cmb@php.net

-Assigned To: +Assigned To: cmb

[2016-11-26 15:18 UTC] cmb@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=003727d851da770c60555a2aecf6d82497b04f42
Log: Fix #73612: preg_*() may leak memory

[2016-11-26 15:18 UTC] cmb@php.net

-Status: Assigned +Status: Closed

[2016-11-30 23:13 UTC] davey@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=003727d851da770c60555a2aecf6d82497b04f42
Log: Fix #73612: preg_*() may leak memory

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 11:01:29 2024 UTC