|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62210 Exceptions can leak temporary variables
Submitted: 2012-06-02 00:46 UTC Modified: 2012-06-25 08:12 UTC
Avg. Score:4.7 ± 0.5
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: Assigned: dmitry
Status: Assigned Package: Scripting Engine problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-06-02 00:46 UTC]
The script

function throwException() { throw new Exception }
function doSomething() { [] + throwException(); }
try { doSomething(); } catch (Exception $e) { }


/home/nikic/dev/php-src/Zend/zend_vm_execute.h(25625) :  Freeing 0xB77ABA44 (44 bytes), script=-
/home/nikic/dev/php-src/Zend/zend_API.c(982) : Actual location (location was relayed)
=== Total 1 memory leaks detected ===

This generally always happens whenever an exception is thrown while evaluation an expression which contains (non-scalar) temporary variables. In the above case the array hash table is leaked.

The reason is that the FREE opcode for the temporary variable is never executed due to the exception. Exceptions only free temporary loop variables.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-03 14:20 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2012-06-25 08:12 UTC]
I confirm the bug, but I don't see a simple way to fix it.

In general, it's possible to extend zend_op_array with information about ranges of temporary variables livenes, but overhead is going to be too high.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Mon Jun 15 18:01:54 2015 UTC