Bug #58917 Invalid efree() when libgearman creates a task without gearman_task_obj
Submitted: 2009-10-24 16:12 UTC Modified: 2011-05-17 08:41 UTC
From: mats dot lindh at gmail dot com Assigned: hradtke (profile)
Status: Closed Package: gearman (PECL)
PHP Version: 5.2.6 OS:
Private report: No CVE-ID: None
 [2009-10-24 16:12 UTC] mats dot lindh at gmail dot com
Description:
------------
When the user simply calls ->do on a GearmanClient, the context member of the task structure will be set to the client structure - and not to the assumed gearman_task_obj structure.

This leads to an invalid efree() in _php_free_task when the number of received bytes causes the correct bit to be set (the ->do_data_size from client will be used when referring to ->flags of obj).

As the gearman_task_obj never gets created when a simple do is called, it seems that there's no need to clean it up either. The patch simply checks if the context is the same as the client of the task, and if so, just returns without doing the call to free.

Patch:
http://e-mats.org/resources/php_gearman.c.patch
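
A minimal model of the confusion described in the report, added here as an example; it is not code from the gearman extension, libgearman or the linked patch. The struct layouts, the OBJ_ALLOCATED bit and all function names are assumptions, and the unguarded path only reports whether it would call the deallocator rather than calling it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumed layouts): do_data_size and flags share offset 0. */
typedef struct { unsigned long do_data_size; } client_t;
typedef struct { unsigned long flags; } task_obj_t;   /* gearman_task_obj stand-in */
typedef struct { client_t *client; void *context; } task_t;
#define OBJ_ALLOCATED 0x1UL                           /* hypothetical flag bit */

/* The word a cleanup callback would read as obj->flags (memcpy avoids aliasing UB). */
static unsigned long flags_seen(const void *context) {
    unsigned long f;
    memcpy(&f, context, sizeof f);
    return f;
}
/* Unguarded logic: returns 1 if it would pass context to the deallocator. */
int unguarded_would_free(const task_t *t) {
    return (flags_seen(t->context) & OBJ_ALLOCATED) != 0;
}

/* Guarded logic as described in the report: a context equal to the task's
 * client means no task object was created, so there is nothing to free. */
int guarded_free_task(task_t *t) {
    if (t->context == (void *)t->client) return 0;
    if (!(flags_seen(t->context) & OBJ_ALLOCATED)) return 0;
    free(t->context);
    t->context = NULL;
    return 1;
}

/* Plain ->do path: context is the client; received bytes land in do_data_size. */
int do_path(unsigned long received, int guarded) {
    client_t c = { received };
    task_t t = { &c, &c };
    return guarded ? guarded_free_task(&t) : unguarded_would_free(&t);
}

/* Task path: context is a real heap-allocated task object. */
int task_obj_path(void) {
    client_t c = { 0 };
    task_obj_t *obj = malloc(sizeof *obj);
    if (!obj) return -1;
    obj->flags = OBJ_ALLOCATED;
    task_t t = { &c, obj };
    return guarded_free_task(&t);
}
int main(void) {
    printf("%d %d %d %d\n", do_path(5, 0), do_path(4, 0), do_path(5, 1), task_obj_path());
}
```

With 5 received bytes the unguarded check would free the client structure, with 4 it would not, which matches the report's observation that the failure depends on the received byte count.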


 [2010-01-21 15:05 UTC] peter dot urda at gmail dot com
I request this gets added to the PHP package ASAP. This efree() error gave me headaches and problems for at least a day and a half. A helpful post on the Gearman Google Groups page from Mats fixed my problem. Please patch and re-release!!!
 [2011-05-15 05:20 UTC] hradtke@php.net
I believe this was fixed in 0.7.0.  I cannot recreate it on trunk and the google group post regarding this issue claims it was fixed.  Can you verify?
 [2011-05-16 07:59 UTC] mats dot lindh at gmail dot com
I'm unable to test it at the moment, but yes, the fix was planned for either libgearman or php-gearman 0.7.0 and everything should be OK now.