php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74345 Call trampoline leaked if callback not invoked
Submitted: 2017-03-30 21:56 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: nikic@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 7.0.17 OS:
Private report: No CVE-ID: None
 [2017-03-30 21:56 UTC] nikic@php.net
Description:
------------
If fci/fcc are acquired via zend_is_callable and the callback is subsequently not used, the call trampoline is leaked. The script demonstrates this using array_map() and the method name -- of course, this also affects other functions, and the trampoline itself may also be leaked.

Test script:
---------------
<?php

class Test {
    public function __call($name, $args) {
        echo "__call()\n";
    }
}

$name = "foo" . ($x = "bar");
array_map([new Test, $name], []);



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-03-20 11:07 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=abc457fe1ddba07b1574744593f81ce1005025cd
Log: Fixed bug #74345
 [2019-03-20 11:07 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 09:01:26 2024 UTC