php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45327 [PATCH] memory leak if offsetGet throws exception (PHP_5_2 branch only!)
Submitted: 2008-06-21 17:36 UTC Modified: 2009-02-17 17:09 UTC
From: cellog@php.net Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2CVS-2008-06-21 OS: linux 64bit
Private report: No CVE-ID: None
 [2008-06-21 17:36 UTC] cellog@php.net
Description:
------------
ext/phar's test phar_offset_get_error.phpt fails with leaked memory in zend_execute_API.c:1023, which is where retval is allocated.  It turns out that if offsetGet() throws an exception, zend_std_read_dimension() does not free the return zval, and it leaks.  This only affects PHP 5.2.  The patch to fix is at http://pear.php.net/~greg/fix_leak.patch.txt and is pasted below

Reproduce code:
---------------
Index: Zend/zend_object_handlers.c
===================================================================
RCS file: /repository/ZendEngine2/zend_object_handlers.c,v
retrieving revision 1.135.2.6.2.28
diff -u -r1.135.2.6.2.28 zend_object_handlers.c
--- Zend/zend_object_handlers.c 21 Feb 2008 13:55:22 -0000      1.135.2.6.2.28
+++ Zend/zend_object_handlers.c 21 Jun 2008 17:33:18 -0000
@@ -469,6 +469,10 @@
                        return 0;
                }

+               if (EG(exception)) {
+                       zval_ptr_dtor(&retval);
+                       return 0;
+               }
                /* Undo PZVAL_LOCK() */
                retval->refcount--;




Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-02 13:44 UTC] dmitry@php.net
ext/phar is not a part of PHP_5_2 branch, and I don't see any leaks in PHP_5_3. Do you still have this leak? Could you provide a script that causes leak on PHP_5_2 (without ext/phar) or PHP_5_3 (with phar).
 [2008-09-02 16:14 UTC] cellog@php.net
yes, to reproduce, cp ext/phar from PHP_5_3 into PHP_5_2 and run the test I described
 [2009-02-17 17:09 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 15:01:30 2024 UTC