php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65227 Memory leak in gmp_cmp second parameter
Submitted: 2013-07-09 16:17 UTC Modified: 2013-07-09 16:25 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: frozenfire@php.net Assigned:
Status: Closed Package: GNU MP related
PHP Version: unknown OS: Irrelevant
Private report: No CVE-ID:
 [2013-07-09 16:17 UTC] frozenfire@php.net
Description:
------------
Reporting this bug for a third party 
(http://www.reddit.com/r/PHP/comments/1hx7qz/what_is_going_on_here_how_do_i_fix_t
his_memory/), and related to a user note 
(http://www.php.net/manual/en/function.gmp-cmp.php#99120).

The gmp_cmp function leaks memory when a string is used as the value of the 
second parameter.

My guess is that it relates to the way that the type is juggled in the gmp_cmp 
function (https://github.com/php/php-src/blob/master/ext/gmp/gmp.c#L848), where 
it checks the type of the second parameter to see if it's a long. It doesn't 
however check if the second parameter is a string, or really any other type.



Test script:
---------------
Third party's example code can be found at http://www.reddit.com/r/PHP/comments/1hx7qz/what_is_going_on_here_how_do_i_fix_this_memory/


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-09 16:20 UTC] frozenfire@php.net
-PHP Version: master-Git-2013-07-09 (Git) +PHP Version: unknown
 [2013-07-09 16:25 UTC] frozenfire@php.net
I noticed shortly after filing the bug that this issue *may* be resolved as of 
https://github.com/php/php-
src/commit/7713b8c2ac2d8fbacaf897ff0c0a202a7b7abf49#ext/gmp/gmp.c

The issue may have resulted from the lack of a free of temp_b after 
https://github.com/php/php-
src/blob/a666285bc2488b7f7362368c388e41428610ad1d/ext/gmp/gmp.c#L1337, which 
would apply to all versions except 5.next
 [2013-07-12 23:26 UTC] felipe@php.net
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=281936b29535ae095350abb274acef0ae548a431
Log: - Fixed bug #65227 (Memory leak in gmp_cmp second parameter)
 [2013-07-12 23:26 UTC] felipe@php.net
-Status: Open +Status: Closed
 [2013-07-13 00:32 UTC] stas@php.net
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=281936b29535ae095350abb274acef0ae548a431
Log: - Fixed bug #65227 (Memory leak in gmp_cmp second parameter)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 09:02:23 2014 UTC