Bug #68358 memory leak with custom get_method/call_method object handlers
Submitted: 2014-11-05 23:18 UTC
Modified: -
Avg. Score: 3.0 ± 0.0
Reproduced: 0 of 1 (0.0%)
From: stesie at brokenpipe dot de
Assigned:
Status: Open
Package: Scripting Engine problem
PHP Version: 5.6.2
OS: irrelevant
Private report: No
CVE-ID: None

 [2014-11-05 23:18 UTC] stesie at brokenpipe dot de
This is just a minimal example, demonstrating a memory leak I found writing/debugging a php extension.

I have custom get_method/call_method handlers on a class exported by the extension to allow dispatching arbitrary calls off php.

However, every direct function call leaks a reference on the object itself,
while a call using call_user_func does *not*.

I wrote a minimal php "hello" extension, which demonstrates the problem, available at
It exports a Hello class, which returns this_ptr->refcount__gc on any method call.

Each time I call $foo->blar() the refcount__gc is incremented once more than decremented (i.e. leaks a ref to the object).

If I call_user_func([ $foo, 'blar']) however, which I would expect to behave identically, there's no refcount__gc leak.

I have not dug further into Zend internals, let me know if that would help.
... or if I'm completely off or doing it wrong :)


Test script:
$foo = new Hello();
echo "--- direct method call ---\n";
echo "--- call_user_func calls ---\n";
var_dump(call_user_func([ $foo, 'blar' ]));
var_dump(call_user_func([ $foo, 'blar' ]));
var_dump(call_user_func([ $foo, 'blar' ]));

Expected result:
Successive direct method calls should not increment refcount__gc.

Actual result:
object(Hello)#1 (0) {
--- direct method call ---
--- call_user_func calls ---
[Wed Nov  5 22:40:08 2014]  Script:  '/tmp/40d9ab136bea473a16ac/foo.php'
/usr/local/src/php-5.6.2/Zend/zend_vm_execute.h(944) :  Freeing 0x7FFFF7FE2578 (32 bytes), script=/tmp/40d9ab136bea473a16ac/foo.php
=== Total 1 memory leaks detected ===
[Inferior 1 (process 1711) exited normally]


Last updated: Sun Aug 01 18:01:25 2021 UTC