php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72982 Memory leak in zend_accel_blacklist_update_regexp() function
Submitted: 2016-08-31 00:24 UTC Modified: -
From: irishbughunting at gmail dot com Assigned:
Status: Closed Package: Regexps related
PHP Version: 7.0.10 OS: Any
Private report: No CVE-ID:
 [2016-08-31 00:24 UTC] irishbughunting at gmail dot com
Description:
------------
Description
===========

Due to the zend_accel_blacklist_update_regexp() function not releasing/freeing memory allocated on the heap, a memory leak can occur. This relates to the *it pointer.

Code Snippet
============
static void zend_accel_blacklist_update_regexp(zend_blacklist *blacklist)
{
	const char *pcre_error;
	int i, pcre_error_offset;
	zend_regexp_list **regexp_list_it, *it;
	char regexp[12*1024], *p, *end, *c, *backtrack = NULL;

----------SNIP---------
		it = (zend_regexp_list*)malloc(sizeof(zend_regexp_list));
			if (!it) {
				zend_accel_error(ACCEL_LOG_ERROR, "malloc() failed\n");
				return;
			}
			it->next = NULL;

			if ((it->re = pcre_compile(regexp, PCRE_NO_AUTO_CAPTURE, &pcre_error, &pcre_error_offset, 0)) == NULL) {
				blacklist_report_regexp_error(pcre_error, pcre_error_offset);
			}
			/* prepare for the next iteration */
			p = regexp + 2;
			*regexp_list_it = it;
			regexp_list_it = &it->next;
----------SNIP---------

Expected result:
----------------
An expected result it that the *it pointer is free'd after finish of use, as opposed to using up unnecessary system resources.

Actual result:
--------------
A memory leak occurs.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-01 04:11 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1ee41683dc361a8d1bd0048f2218d24207b5e872
Log: Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function)
 [2016-09-01 04:11 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2016-10-03 09:34 UTC] aaron at serendipity dot cx
The fix appears to be committed to the 7.1.0rcX series but not the 7.0.x series. Should it be backported?
 [2016-10-03 09:40 UTC] aaron at serendipity dot cx
On second look, I see this will be fixed in 7.0.12. The commit date of the original fix (8/31/2016) was prior to the release of 7.0.11 (9/15/2016) but must have missed the cut-off.

https://github.com/php/php-src/commit/1ee41683dc361a8d1bd0048f2218d24207b5e872
 [2016-10-17 10:08 UTC] bwoebi@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1ee41683dc361a8d1bd0048f2218d24207b5e872
Log: Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC