php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #6747 read() leaks memory
Submitted: 2000-09-13 23:55 UTC Modified: 2000-09-14 05:49 UTC
From: vincent dot negrier at mixad dot com Assigned:
Status: Closed Package: Sockets related
PHP Version: 4.0.2 OS: Linux 2.2
Private report: No CVE-ID: None
 [2000-09-13 23:55 UTC] vincent dot negrier at mixad dot com
My problem was the following :

Each call to read($socket, &$buffer, $length) on a non-blocking INET socket leaked $length bytes of memory.

I made a quick fix, it no longer leaks memory but I'm not sure i've done it the right way.

source code from the read() function in ext/sockets/sockets.c :

original:

    tmpbuf = emalloc(Z_LVAL_PP(length)*sizeof(char));
    if (tmpbuf == NULL) {
        php_error(E_WARNING, "Couldn't allocate memory from %s()", get_active_fu
        RETURN_FALSE;
    }

    ret = read(Z_LVAL_PP(fd), tmpbuf, Z_LVAL_PP(length));

    if (ret >= 0) {
        Z_STRVAL_PP(buf) = tmpbuf;
        Z_STRLEN_PP(buf) = ret;

        RETURN_LONG(ret);
    } else {
        RETURN_LONG(-errno);
    }



Modified:

    tmpbuf = emalloc(Z_LVAL_PP(length)*sizeof(char));
    if (tmpbuf == NULL) {
        php_error(E_WARNING, "Couldn't allocate memory from %s()", get_active_fu
        RETURN_FALSE;
    }

    ret = read(Z_LVAL_PP(fd), tmpbuf, Z_LVAL_PP(length));

    if (ret >= 0) {
        Z_STRVAL_PP(buf) = estrndup(tmpbuf, strlen(tmpbuf));
        Z_STRLEN_PP(buf) = ret;

        efree(tmpbuf);

        RETURN_LONG(ret);
    } else {
        efree(tmpbuf);
        RETURN_LONG(-errno);
    }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-09-14 05:49 UTC] chrisv@php.net
Fixed in CVS.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC