php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46948 ext/date/lib/parse_tz.c:99: Memory leak: buffer
Submitted: 2008-12-26 20:55 UTC Modified: 2017-01-11 16:33 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: dvice_null at yahoo dot com Assigned: derick (profile)
Status: Assigned Package: Date/time related
PHP Version: 6CVS-2008-12-26 (CVS) OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dvice_null at yahoo dot com
New email:
PHP Version: OS:

 

 [2008-12-26 20:55 UTC] dvice_null at yahoo dot com
Description:
------------
In file ext/date/lib/parse_tz.c:99: 
Variable "buffer" leaks memory if "cbuffer" is null in this code:

if (!cbuffer) {
  return;
}


This bug was found using cppcheck: http://cppcheck.wiki.sourceforge.net/


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-12-26 21:11 UTC] dvice_null at yahoo dot com
Two similar problems in the same file. Let me know if you want separate bug reports about these:

----------------

ext/date/lib/parse_tz.c:124]: Memory leak: buffer

if (!tz->type) {
  return;
}

----------------

ext/date/lib/parse_tz.c:152: Memory leak: leap_buffer

if (!tz->leap_times) {
  return;
}
 [2008-12-26 21:51 UTC] felipe@php.net
I think something like this:

Index: ext/date/lib/parse_tz.c
===================================================================
RCS file: /repository/php-src/ext/date/lib/parse_tz.c,v
retrieving revision 1.20.2.6.2.13.2.4
diff -u -p -r1.20.2.6.2.13.2.4 parse_tz.c
--- ext/date/lib/parse_tz.c	9 Aug 2008 22:01:08 -0000	1.20.2.6.2.13.2.4
+++ ext/date/lib/parse_tz.c	26 Dec 2008 21:47:20 -0000
@@ -100,6 +100,7 @@ static void read_transistions(char **tzf
 
 		cbuffer = (unsigned char*) malloc(tz->timecnt * sizeof(unsigned char));
 		if (!cbuffer) {
+			free(buffer);
 			return;
 		}
 		memcpy(cbuffer, *tzf, sizeof(unsigned char) * tz->timecnt);
@@ -125,6 +126,7 @@ static void read_types(char **tzf, timel
 
 	tz->type = (ttinfo*) malloc(tz->typecnt * sizeof(struct ttinfo));
 	if (!tz->type) {
+		free(buffer);
 		return;
 	}
 
@@ -153,6 +155,9 @@ static void read_types(char **tzf, timel
 
 		tz->leap_times = (tlinfo*) malloc(tz->leapcnt * sizeof(tlinfo));
 		if (!tz->leap_times) {
+			free(leap_buffer);
+			free(tz->timezone_abbr);
+			free(tz->types);
 			return;
 		}
 		for (i = 0; i < tz->leapcnt; i++) {

 [2008-12-26 21:59 UTC] felipe@php.net
Truly, I think that Derick really free that vars. in another place.
 [2017-01-11 16:33 UTC] heiglandreas@php.net
Is this still an issue? Or can that be closed after 8 years and targeting an unsupported version?
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC