php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19544 Reference counting problem in php_COM_set
Submitted: 2002-09-21 16:54 UTC Modified: 2002-10-02 08:01 UTC
From: ge at gse dot nl Assigned:
Status: Closed Package: COM related
PHP Version: 4.2.3 OS: Windows 2000
Private report: No CVE-ID:
 [2002-09-21 16:54 UTC] ge at gse dot nl
I think there is a reference counting problem in function php_COM_set in file COM.c for collection objects.
First, the DISPID_NEWENUM function is Invoke()ed to retrieve an enumerator. If this succeeds, the enumerator is created and according to COM rules its reference count should be 1. Next, an explicit AddRef() is done on the enumerator, setting its reference count to 2. The following QueryInterface (if it succeeds) will increment the reference count to 3. After that, FREE_VARIANT will call VariantClear which in turn will Release() the enumerator, leaving the reference count at 2 when the function is exited.
When the object is finally released in php_COM_release, the enumerator will be Release()ed also, but since the reference count was 2 this will only bring the reference count down to 1 and therefore the enumerator will not clean up itself.
I think the enumerator should NOT be AddRef()ed in php_COM_set. The MSDN article "Implementing Automation Collections" <http://msdn.microsoft.com/library/en-us/dnautoma/html/msdn_collect.asp> says this about how Visual Basic handles For Each:
Step 1: Retrieve the value of docs._NewEnum into punk (remember that _NewNum is of type IUnknown*). 
Step 2: QueryInterface on punk for IEnumVARIANT (pUnk->QueryInterface( IID_IEnumVARIANT, &penum)). Release punk. 
Step 3: While penum->Next returns a valid VARIANT, execute the code within the For Each clause, using the IDispatch pointer stored in the variant for all references to "doc". 
Step 4: Release penum.
Note that there is no AddRef() here.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-10-02 08:01 UTC] phanto@php.net
should be fixed in cvs now, don't know how these addrefs came there :)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 14:02:33 2014 UTC