PHP :: Bug #27338 :: [PATCH] Memory Leak in tsrm_virtual

Bug #27338	[PATCH] Memory Leak in tsrm_virtual_cwd.c
Submitted:	2004-02-21 00:31 UTC	Modified:	2004-03-09 09:42 UTC
From:	msisolak at yahoo dot com	Assigned:
Status:	Closed	Package:	*General Issues
PHP Version:	5CVS-2004-02-21 (dev)	OS:	win32
Private report:	No	CVE-ID:	None

View Developer Edit

[2004-02-21 00:31 UTC] msisolak at yahoo dot com

Description:
------------
In virtual_file_ex (TSRM/tsrm_virtual_cwd.c, line 292) the Win32 API
function GetLongPathName() is used to expand the value passed in the
path parameter.  This code mallocs a new string (called new_path), but
then sets the const path function parameter to the new malloc and
discards the new_path variable.  There is nothing later in the function
to ensure that this new malloc is freed.  Attached is my take on a fix
for this by leaving the new_path variable available so that it can be
freed at the end of the function.  There may be a cleaner way to do
this, but this patch is one approach.


Patch:
------

--- tsrm_virtual_cwd.c.orig	Tue Feb 17 12:10:55 2004
+++ tsrm_virtual_cwd.c	Tue Feb 17 12:07:59 2004
@@ -292,7 +292,7 @@  
 CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func verify_path, int use_realpath)
 {
 	int path_length = strlen(path);
-	char *ptr, *path_copy;
+	char *ptr, *path_copy, *new_path;
 	char *tok = NULL;
 	int ptr_length;
 	cwd_state *old_state;
@@ -340,7 +340,6 @@ CWD_API int virtual_file_ex(cwd_state *s
 #if defined(TSRM_WIN32)
 	{
 		char *dummy = NULL;
-		char *new_path;
 		int new_path_length;
   
 		new_path_length = GetLongPathName(path, dummy, 0) + 1;
@@ -357,6 +356,7 @@ CWD_API int virtual_file_ex(cwd_state *s
 			path_length = new_path_length;
 		} else {
 			free(new_path);
+			new_path = NULL;
 		}
 	}
 #endif
@@ -465,6 +465,11 @@ CWD_API int virtual_file_ex(cwd_state *s
 	free(old_state);
 	
 	free(free_path);
+#if defined(TSRM_WIN32)
+	if (new_path) {
+		free(new_path);
+	}
+#endif
 #if VIRTUAL_CWD_DEBUG
 	fprintf (stderr, "virtual_file_ex() = %s\n",state->cwd);
 #endif

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-02-21 02:53 UTC] sniper@php.net

Does this apply to PHP_4_3 branch too?

[2004-02-21 17:11 UTC] msisolak at yahoo dot com

This section of code does not exist in the PHP_4_3 branch.  It wasn't added until version 1.52 of TSRM/tsrm_virtual_cwd.c and was not MFH.

[2004-03-09 09:42 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 02 13:00:01 2025 UTC