php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73568 Using null coalescing operator with SplObjectStorage causes memory leak
Submitted: 2016-11-21 00:00 UTC Modified: 2016-11-21 05:19 UTC
From: tandre at ifwe dot co Assigned: laruence (profile)
Status: Closed Package: SPL related
PHP Version: 7.0.13 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: tandre at ifwe dot co
New email:
PHP Version: OS:

 

 [2016-11-21 00:00 UTC] tandre at ifwe dot co
Description:
------------
See https://github.com/php/php-src/pull/2215 for a description and a fix.

The objects(keys) used for the null coalescing operator are leaked if the entry does not exist in the map.

PHP 7.0.13(and 7.0.12, probably others) are affected, along with php 7.1.0RC6. (The null coalescing operator was introduced in 7.0)

Test script:
---------------
<?php

$b = new stdClass();
$map = new SplObjectStorage();
var_export($map[$b] ?? null); // /usr/local/php-7.0.12-src/Zend/zend_objects.c(162) :  Freeing 0x7F3957875A00 (40 bytes), script=/path/to/test.php


Expected result:
----------------
No memory leaks. Null coalescing operator continues behaving equivalently to isset($hash[$obj]) ? $hash[$obj] : $default (which currently does not leak)

Actual result:
--------------
The return value of the coalescing operator was correct, but memory leaks are observed (visible in debug builds), of the form

/usr/local/php-7.0.12-src/Zend/zend_objects.c(162) :  Freeing 0x7F3957875A00 (40 bytes), script=/path/to/test.php



Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-11-21 05:19 UTC] laruence@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2016-11-21 05:19 UTC] laruence@php.net
fix has been merged..
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Sep 27 17:01:24 2020 UTC