php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #59715 consume leaks memory and corrupts heap
Submitted: 2011-04-14 15:24 UTC Modified: 2011-04-14 16:25 UTC
From: martin at ringehahn dot de Assigned:
Status: Closed Package: amqp (PECL)
PHP Version: Irrelevant OS: FreeBSD 8.2-RELEASE
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
38 - 16 = ?
Subscribe to this entry?

 
 [2011-04-14 15:24 UTC] martin at ringehahn dot de 
Description:
------------
When running a loop w/ the consume method, the amqp extension 
leaks memory.

Reproduce code:
---------------
while (true) {
  $msgs = $q->consume(array('min'=>1, 'max'=>1));
}

Expected result:
----------------
The size of the php process should hover around some steady 
value.

Actual result:
--------------
The php process continuously grows and grows. When running 
with the suhosin extension, the php process exits with 
return code 1 and leaves
"ALERT - canary mismatch on efree() - heap overflow detected 
at 0x8d3d444"
in syslog.

the following patch fixes these issues for me:

--- amqp_queue.c.1      2011-04-14 15:22:39.814585000 -0400
+++ amqp_queue.c        2011-04-14 15:21:01.170504000 -0400
@@ -582,7 +582,7 @@
        array_init(return_value);
        char *buf = NULL;
 
-       buf = (char*) malloc(FRAME_MAX);
+       buf = (char*) emalloc(FRAME_MAX);
        if (!buf) {
                
zend_throw_exception(zend_exception_get_default(TSRMLS_C), 
"Out of memory (malloc)" ,0 TSRMLS_CC);       
        }
@@ -730,9 +730,9 @@
                        int count_buf = body_target / 
FRAME_MAX +1;
                        int resize = count_buf * FRAME_MAX;
                        buf_max = resize;
-                       pbuf = realloc(buf, resize);
+                       pbuf = erealloc(buf, resize);
                        if (!pbuf) {
-                               free(buf);
+                               efree(buf);
                                
zend_throw_exception(zend_exception_get_default(TSRMLS_C), 
"The memory is out (realloc)", 0 TSRMLS_CC);
                        }
                        buf = pbuf;

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-14 16:25 UTC] pdezwart at gmail dot com 
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Thank you for the bug report.

Fixed in trunk at revision 310219.
There are a couple other bugs that need to be addressed before we tag a new release.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 18:01:31 2024 UTC