php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44798 Memory leak assigning value to attribute (Fixed in PHP_5_3 branch!)
Submitted: 2008-04-22 11:29 UTC Modified: 2008-05-05 23:00 UTC
From: aldo at armiento dot com Assigned:
Status: Closed Package: SimpleXML related
PHP Version: 5.2CVS-2008-04-22 OS: *
Private report: No CVE-ID:
 [2008-04-22 11:29 UTC] aldo at armiento dot com
Description:
------------
Assigning any value to a SimpleXML attribute produces a memory leak.

Reproduce code:
---------------
<?php

$xml = new SimpleXMLElement('<?xml version="1.0"?><root><test attribute="value"/></root>');
while(true) {
	$xml->test['attribute'] = 'value';
}

echo $xml->asXML();

?>

Expected result:
----------------
<?xml version="1.0"?>
<root><test attribute="value"/></root>

Actual result:
--------------
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to 
allocate 40 bytes) in /tmp/test_simplexml.php on line 5

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-04-22 22:25 UTC] aldo at armiento dot com
This patch to php-5.2.5 sources in ext/simplexml/simplexml.c solve the 
problem.

The problem is also present in php5.2-200804222030 snap

--- simplexml.c.orig    2007-07-31 17:40:49.000000000 +0200
+++ simplexml.c 2008-04-23 00:16:00.276147006 +0200
@@ -702,11 +702,13 @@
        convert_to_string(member);
        name = Z_STRVAL_P(member);
        node = sxe_get_element_by_name(sxe, node, &name, &type 
TSRMLS_CC);
-       if (!node) {
-               sxe_prop_dim_write(object, member, NULL, 1, 0, &node 
TSRMLS_CC);
-               type = SXE_ITER_NONE;
-               name = NULL;
+       if (node) {
+               return NULL;
        }
+       sxe_prop_dim_write(object, member, NULL, 1, 0, &node 
TSRMLS_CC);
+       type = SXE_ITER_NONE;
+       name = NULL;
+
        MAKE_STD_ZVAL(return_value);
        _node_as_zval(sxe, node, return_value, type, name, sxe-
>iter.nsprefix, sxe->iter.isprefix TSRMLS_CC);
 [2008-04-22 23:23 UTC] crrodriguez at suse dot de
The "leak" ( which is not really a memory leak) is already fixed in PHP_5_3.
 [2008-04-22 23:38 UTC] aldo at armiento dot com
Yeah, this "bug" (and other changes to simplexml.c) is fixed in PHP 5.3 
and PHP 6 but not in PHP 5.2 series (for example in php-5.2.6RC5).

By the way this problem produces a "memory leak".
 [2008-05-05 23:00 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 09:02:29 2014 UTC