php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79503 Memory leak on duplicate metadata
Submitted: 2020-04-21 09:52 UTC Modified: 2020-04-22 13:10 UTC
From: nikic@php.net Assigned: cmb (profile)
Status: Closed Package: PHAR related
PHP Version: 7.3.17 OS:
Private report: No CVE-ID: None
 [2020-04-21 09:52 UTC] nikic@php.net
Description:
------------
Passing the file https://gist.github.com/nikic/5b7a55e6a100c3dedbfd1ac6837c74a9 to Phar::__construct() results in a memory leak:

    #0 0x4ef61d in malloc (/home/nikic/php-src-fuzz/sapi/fuzzer/php-fuzz-phar+0x4ef61d)
    #1 0x105d619 in __zend_malloc /home/nikic/php-src-fuzz/Zend/zend_alloc.c:2992:14
    #2 0xeca559 in zend_string_alloc /home/nikic/php-src-fuzz/Zend/zend_string.h:141:36
    #3 0xeca559 in zend_string_init /home/nikic/php-src-fuzz/Zend/zend_string.h:163:21
    #4 0xecf463 in php_var_unserialize_internal /home/nikic/php-src-fuzz/ext/standard/var_unserializer.re:953:3
    #5 0xeca8ca in php_var_unserialize /home/nikic/php-src-fuzz/ext/standard/var_unserializer.re:752:11
    #6 0xad234e in phar_parse_metadata /home/nikic/php-src-fuzz/ext/phar/phar.c:621:8
    #7 0xa74837 in phar_tar_process_metadata /home/nikic/php-src-fuzz/ext/phar/tar.c:176:6
    #8 0xa74837 in phar_parse_tarfile /home/nikic/php-src-fuzz/ext/phar/tar.c:512:19
    #9 0xad6fdd in phar_open_from_fp /home/nikic/php-src-fuzz/ext/phar/phar.c:1726:13
    #10 0xad4e48 in phar_create_or_parse_filename /home/nikic/php-src-fuzz/ext/phar/phar.c:1364:7

The cause is a duplicate .phar/.metadata.bin entry, where the second one overwrites the first without freeing. Probably we should be reporting an error instead.

Originally from https://github.com/php/php-src/pull/5424.


Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-04-22 08:51 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #79503: Memory leak on duplicate metadata
On GitHub:  https://github.com/php/php-src/pull/5431
Patch:      https://github.com/php/php-src/pull/5431.patch
 [2020-04-22 13:10 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ccca2c448df35ac457eeef11fb7f0d604de3e5f9
Log: Fix #79503: Memory leak on duplicate metadata
 [2020-04-22 13:10 UTC] cmb@php.net
-Status: Open +Status: Closed
 [2020-04-22 13:10 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon May 25 21:01:25 2020 UTC