php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53153 Memory leak with phpinfo() + output buffering + zlib compression
Submitted: 2010-10-25 19:25 UTC Modified: 2010-11-02 04:50 UTC
From: cataphract@php.net Assigned: cataphract (profile)
Status: Closed Package: Output Control
PHP Version: trunk-SVN-2010-10-25 (SVN) OS: Windows 7 x64
Private report: No CVE-ID: None
 [2010-10-25 19:25 UTC] cataphract@php.net
Description:
------------
There is a memory leak on memory allocated on \main\output.c(809):

		if ((handler->buffer.size - handler->buffer.used) <= buf->used) {
			size_t grow_int = PHP_OUTPUT_HANDLER_INITBUF_SIZE(handler->size);
			size_t grow_buf = PHP_OUTPUT_HANDLER_INITBUF_SIZE(buf->used - (handler->buffer.size - handler->buffer.used));
			size_t grow_max = MAX(grow_int, grow_buf);
			
			handler->buffer.data = erealloc(handler->buffer.data, handler->buffer.size + grow_max); /* memory was allocated here */
			handler->buffer.size += grow_max;
		}



phpinfo() code:

	/* Andale!  Andale!  Yee-Hah! */
	php_output_start_default(TSRMLS_C);
	php_print_info(flag TSRMLS_CC);
	php_output_end(TSRMLS_C);

Test script:
---------------
File file.php
---
<?php
phpinfo();

(only the non disablable modules are loaded)

php-cgi -dzlib.output_compression=1 -doutput_buffering=10K file.php


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-25 19:26 UTC] cataphract@php.net
Interestingly there's also some corrupted/uninitialized memory in the memory leak message:

</div></body></html>[Mon Oct 25 18:19:39 2010]  Script:  'ZZZZZZZZZ8↔▄¥▄¥¥?d╔Ï@Ç
☺'
c:\users\cataphract\documents\php-src\main\output.c(809) :  Freeing 0x012B0088 (
49152 bytes), script=ZZZZZZZZZ8↔▄¥▄¥¥?d╔Ï@Ç☺
=== Total 1 memory leaks detected ===
 [2010-10-25 19:38 UTC] cataphract@php.net
Note: there seems to be no leak if the environment variables HTTP_ACCEPT_ENCODING actually triggers the zlib compression.
 [2010-11-01 23:04 UTC] cataphract@php.net
Adding a line in output.c:810:

			handler->buffer.data = erealloc(handler->buffer.data, handler->buffer.size + grow_max);
			fprintf(stderr, "%X: %d\n", handler->buffer.data, php_output_get_level(TSRMLS_C));
			handler->buffer.size += grow_max;

D55368: 3
D62748: 3
D70088: 2
D7C0C0: 2
[Mon Nov 01 21:58:47 2010]  Script:  'ZZZZZZZZZDö`┼`┼┼¬½ØÖ@Ç☺'
c:\users\cataphract\documents\php-src\main\output.c(809) :  Freeing 0x00D70088 (
49152 bytes), script=ZZZZZZZZZDö`┼`┼┼¬½ØÖ@Ç☺

At level 2 it's the zlib handler.
 [2010-11-02 00:42 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: mike
 [2010-11-02 04:49 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=305022
Log: - Fixed bug #53153 (memory leak with phpinfo() + output buffering + zlib compression).
 [2010-11-02 04:50 UTC] cataphract@php.net
-Status: Assigned +Status: Closed -Assigned To: mike +Assigned To: cataphract
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 01 18:03:35 2021 UTC