PHP :: Bug #74345 :: Call trampoline leaked if callback not invoked

Bug #74345

Call trampoline leaked if callback not invoked

Submitted:

2017-03-30 21:56 UTC

Modified:

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

nikic@php.net

Assigned:

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

7.0.17

OS:

Private report:

CVE-ID:

None

View Developer Edit

[2017-03-30 21:56 UTC] nikic@php.net

Description:
------------
If fci/fcc are acquired via zend_is_callable and the callback is subsequently not used, the call trampoline is leaked. The script demonstrates this using array_map() and the method name -- of course, this also affects other functions, and the trampoline itself may also be leaked.

Test script:
---------------
<?php

class Test {
    public function __call($name, $args) {
        echo "__call()\n";
    }
}

$name = "foo" . ($x = "bar");
array_map([new Test, $name], []);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-03-20 11:07 UTC] nikic@php.net

Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=abc457fe1ddba07b1574744593f81ce1005025cd
Log: Fixed bug #74345

[2019-03-20 11:07 UTC] nikic@php.net

-Status: Open +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 17:00:01 2025 UTC