Bug #61087 Memory leak in parse_ini_file when specifying invalid scanner mode
Submitted: 2012-02-14 17:51 UTC Modified: 2012-03-02 03:52 UTC
From: nikic@php.net Assigned: laruence
Status: Closed Package: *General Issues
PHP Version: Irrelevant OS:
Private report: No CVE-ID:
 [2012-02-14 17:51 UTC] nikic@php.net
Description:
------------
parse_ini_file('emptyFile', false, 26);

Leaks:


Warning: Invalid scanner mode in /home/nikic/dev/my-fuzzer/reproduceCode5_memoryLeak.php on line 3
[Tue Feb 14 18:36:56 2012]  Script:  'reproduceCode5_memoryLeak.php'
/home/nikic/dev/php-src/main/streams/plain_wrapper.c(910) :  Freeing 0xB780BE94 (36 bytes), script=reproduceCode5_memoryLeak.php
[Tue Feb 14 18:36:56 2012]  Script:  'reproduceCode5_memoryLeak.php'
/home/nikic/dev/php-src/Zend/zend_stream.c(280) :  Freeing 0xB780C908 (32 bytes), script=reproduceCode5_memoryLeak.php
=== Total 2 memory leaks detected ===

The reason is that the file handle is not closed correctly.

I was able to fix it using this simple patch:

diff --git a/Zend/zend_ini_scanner.c b/Zend/zend_ini_scanner.c
index 85fc74d..3b4e217 100644
--- a/Zend/zend_ini_scanner.c
+++ b/Zend/zend_ini_scanner.c
@@ -230,9 +230,12 @@ int zend_ini_open_file_for_scanning(zend_file_handle *fh, i
        char *buf;
        size_t size;
 
-       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE ||
-               init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE
-       ) {
+       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE) {
+               return FAILURE;
+       }
+
+       if (init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE) {
+               zend_file_handle_dtor(fh TSRMLS_CC);
                return FAILURE;
        }
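
Review bot: the zend_stream_fixup failure branch returns FAILURE without touching fh, while the init_ini_scanner failure branch right below it calls zend_file_handle_dtor(fh TSRMLS_CC), so after this hunk the function has two failure paths with different ownership of the handle. Please add a short comment above the two checks stating which party releases fh on each path, and confirm that no caller of zend_ini_open_file_for_scanning also destroys the handle after a FAILURE return, since the new dtor call would then release it twice. A regression test using the reproducer from the report (parse_ini_file on an empty file with scanner mode 26) would keep the invalid-mode path covered.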


Patches

parse_ini_file_memleak.patch (last revision 2012-02-23 17:32 UTC by nikic@php.net)

 [2012-02-14 18:00 UTC] nikic@php.net
The following patch has been added/updated:

Patch Name: parse_ini_file_memleak.patch
Revision:   1329242430
URL:        https://bugs.php.net/patch-display.php?bug=61087&patch=parse_ini_file_memleak.patch&revision=1329242430
 [2012-02-16 02:16 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2012-02-23 17:32 UTC] nikic@php.net
The following patch has been added/updated:

Patch Name: parse_ini_file_memleak.patch
Revision:   1330018332
URL:        https://bugs.php.net/patch-display.php?bug=61087&patch=parse_ini_file_memleak.patch&revision=1330018332
 [2012-02-25 14:15 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=323511
Log: Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode)
 [2012-03-02 03:51 UTC] laruence@php.net
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=323786
Log: MFH: Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode)
 [2012-03-02 03:52 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2012-03-02 03:52 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:45 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38b549ea2fec95da93e03c4a8aec7e8642171648
Log: Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode)
 [2012-07-24 23:37 UTC] rasmus@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38b549ea2fec95da93e03c4a8aec7e8642171648
Log: Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode)
 [2013-11-17 09:33 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=38b549ea2fec95da93e03c4a8aec7e8642171648
Log: Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode)
 
Last updated: Sun Apr 20 10:02:06 2014 UTC