php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #62210 Exceptions can leak temporary variables
Submitted: 2012-06-02 00:46 UTC Modified: 2015-11-13 12:38 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:1 of 3 (33.3%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: nikic@php.net Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
29 - 16 = ?
Subscribe to this entry?

 
 [2012-06-02 00:46 UTC] nikic@php.net 
Description:
------------
The script

<?php
function throwException() { throw new Exception }
function doSomething() { [] + throwException(); }
try { doSomething(); } catch (Exception $e) { }

leaks

/home/nikic/dev/php-src/Zend/zend_vm_execute.h(25625) :  Freeing 0xB77ABA44 (44 bytes), script=-
/home/nikic/dev/php-src/Zend/zend_API.c(982) : Actual location (location was relayed)
=== Total 1 memory leaks detected ===

This generally always happens whenever an exception is thrown while evaluation an expression which contains (non-scalar) temporary variables. In the above case the array hash table is leaked.

The reason is that the FREE opcode for the temporary variable is never executed due to the exception. Exceptions only free temporary loop variables.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-03 14:20 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2012-06-25 08:12 UTC] dmitry@php.net 
I confirm the bug, but I don't see a simple way to fix it.

In general, it's possible to extend zend_op_array with information about ranges of temporary variables livenes, but overhead is going to be too high.
 [2015-07-07 12:42 UTC] dmitry@php.net 
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5ee841325901a4b040cfea56292a24702fe224d9
Log: Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array-&gt;brk_cont_array was removed, and replaced with more general and speed efficient op_array-&gt;T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)
 [2015-07-07 12:42 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2015-07-07 23:36 UTC] ab@php.net 
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5ee841325901a4b040cfea56292a24702fe224d9
Log: Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array-&gt;brk_cont_array was removed, and replaced with more general and speed efficient op_array-&gt;T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)
 [2015-07-10 01:58 UTC] dmitry@php.net
-Status: Closed +Status: Re-Opened
 [2015-07-10 01:58 UTC] dmitry@php.net 
The fix was reverted.
 [2015-07-10 10:31 UTC] ab@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ad8a73dd55c087de465ad80e8715611693bb1460
Log: Revert &quot;Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array-&gt;brk_cont_array was removed, and replaced with more general and speed efficient op_array-&gt;T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)&quot;
 [2015-07-10 10:31 UTC] ab@php.net
-Status: Re-Opened +Status: Closed
 [2015-07-10 11:04 UTC] dmitry@php.net
-Status: Closed +Status: Re-Opened
 [2015-11-13 12:38 UTC] dmitry@php.net
-Status: Re-Opened +Status: Closed
 [2015-11-13 12:38 UTC] dmitry@php.net 
Fixed in master (for 7.1) by http://git.php.net/?p=php-src.git;a=commitdiff;h=3a5fa926bfc409963f500144ea6d5e890e712a86
 [2016-07-20 11:38 UTC] davey@php.net 
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5ee841325901a4b040cfea56292a24702fe224d9
Log: Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array-&gt;brk_cont_array was removed, and replaced with more general and speed efficient op_array-&gt;T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 21:01:30 2024 UTC