php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27338 [PATCH] Memory Leak in tsrm_virtual_cwd.c
Submitted: 2004-02-21 00:31 UTC Modified: 2004-03-09 09:42 UTC
From: msisolak at yahoo dot com Assigned:
Status: Closed Package: *General Issues
PHP Version: 5CVS-2004-02-21 (dev) OS: win32
Private report: No CVE-ID:
 [2004-02-21 00:31 UTC] msisolak at yahoo dot com
Description:
------------
In virtual_file_ex (TSRM/tsrm_virtual_cwd.c, line 292) the Win32 API
function GetLongPathName() is used to expand the value passed in the
path parameter.  This code mallocs a new string (called new_path), but
then sets the const path function parameter to the new malloc and
discards the new_path variable.  There is nothing later in the function
to ensure that this new malloc is freed.  Attached is my take on a fix
for this by leaving the new_path variable available so that it can be
freed at the end of the function.  There may be a cleaner way to do
this, but this patch is one approach.


Patch:
------

--- tsrm_virtual_cwd.c.orig	Tue Feb 17 12:10:55 2004
+++ tsrm_virtual_cwd.c	Tue Feb 17 12:07:59 2004
@@ -292,7 +292,7 @@  
 CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func verify_path, int use_realpath)
 {
 	int path_length = strlen(path);
-	char *ptr, *path_copy;
+	char *ptr, *path_copy, *new_path;
 	char *tok = NULL;
 	int ptr_length;
 	cwd_state *old_state;
@@ -340,7 +340,6 @@ CWD_API int virtual_file_ex(cwd_state *s
 #if defined(TSRM_WIN32)
 	{
 		char *dummy = NULL;
-		char *new_path;
 		int new_path_length;
   
 		new_path_length = GetLongPathName(path, dummy, 0) + 1;
@@ -357,6 +356,7 @@ CWD_API int virtual_file_ex(cwd_state *s
 			path_length = new_path_length;
 		} else {
 			free(new_path);
+			new_path = NULL;
 		}
 	}
 #endif
@@ -465,6 +465,11 @@ CWD_API int virtual_file_ex(cwd_state *s
 	free(old_state);
 	
 	free(free_path);
+#if defined(TSRM_WIN32)
+	if (new_path) {
+		free(new_path);
+	}
+#endif
 #if VIRTUAL_CWD_DEBUG
 	fprintf (stderr, "virtual_file_ex() = %s\n",state->cwd);
 #endif



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-21 02:53 UTC] sniper@php.net
Does this apply to PHP_4_3 branch too?

 [2004-02-21 17:11 UTC] msisolak at yahoo dot com
This section of code does not exist in the PHP_4_3 branch.  It wasn't added until version 1.52 of TSRM/tsrm_virtual_cwd.c and was not MFH.
 [2004-03-09 09:42 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 09:02:28 2014 UTC