|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2009-06-13 18:07 UTC] cellog@php.net
[2010-04-27 15:31 UTC] dmitry@php.net
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Nov 19 07:00:01 2025 UTC |
Description: ------------ The test script below does not leak, but if $a were to successfully load class "foo" (i.e. move the eval() in $b() into $a) it leaks memory in zend_execute.c on line 723, which is the portion called when the closure is assigned to $b. This is caused by 2 separate bugs. 1) php_spl.c line 501 increases the refcount of the closure zval 2) php_spl.c line 511 checks to see if the function name has already been registered, but treats all closures as if they were "closure::__invoke" instead of using some unique aspect of each closure. This then jumps to the end of spl_autoload_register without decreasing the refcount, and boom, we have a memory leak. I don't know anything about the closures implementation, so someone who knows a better way to get a unique function name for a closure needs to fix this, both the refcount and the only-one-closure-allowed issues. Also, the memory leak is triggered by an important feature of Pyrus, and yes, we are registering multiple closures as autoload callbacks to implement a dynamic plugin system. It works great except for these two bugs. Reproduce code: --------------- <?php $a = function ($class) { echo "a called\n"; }; $b = function ($class) { eval('class ' . $class . '{}'); echo "b called\n"; }; spl_autoload_register($a); spl_autoload_register($b); $c = new foo; Expected result: ---------------- a called b called Actual result: -------------- a called Fatal error: Class 'foo' not found in /home/user/workspace/php5/test.php on line 11 Call Stack: 0.0005 345172 1. {main}() /home/user/workspace/php5/test.php:0