|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79503 Memory leak on duplicate metadata
Submitted: 2020-04-21 09:52 UTC Modified: 2020-04-22 13:10 UTC
From: Assigned: cmb (profile)
Status: Closed Package: PHAR related
PHP Version: 7.3.17 OS:
Private report: No CVE-ID: None
 [2020-04-21 09:52 UTC]
Passing the file to Phar::__construct() results in a memory leak:

    #0 0x4ef61d in malloc (/home/nikic/php-src-fuzz/sapi/fuzzer/php-fuzz-phar+0x4ef61d)
    #1 0x105d619 in __zend_malloc /home/nikic/php-src-fuzz/Zend/zend_alloc.c:2992:14
    #2 0xeca559 in zend_string_alloc /home/nikic/php-src-fuzz/Zend/zend_string.h:141:36
    #3 0xeca559 in zend_string_init /home/nikic/php-src-fuzz/Zend/zend_string.h:163:21
    #4 0xecf463 in php_var_unserialize_internal /home/nikic/php-src-fuzz/ext/standard/
    #5 0xeca8ca in php_var_unserialize /home/nikic/php-src-fuzz/ext/standard/
    #6 0xad234e in phar_parse_metadata /home/nikic/php-src-fuzz/ext/phar/phar.c:621:8
    #7 0xa74837 in phar_tar_process_metadata /home/nikic/php-src-fuzz/ext/phar/tar.c:176:6
    #8 0xa74837 in phar_parse_tarfile /home/nikic/php-src-fuzz/ext/phar/tar.c:512:19
    #9 0xad6fdd in phar_open_from_fp /home/nikic/php-src-fuzz/ext/phar/phar.c:1726:13
    #10 0xad4e48 in phar_create_or_parse_filename /home/nikic/php-src-fuzz/ext/phar/phar.c:1364:7

The cause is a duplicate .phar/.metadata.bin entry, where the second one overwrites the first without freeing. Probably we should be reporting an error instead.

Originally from


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-04-22 08:51 UTC]
The following pull request has been associated:

Patch Name: Fix #79503: Memory leak on duplicate metadata
On GitHub:
 [2020-04-22 13:10 UTC]
Automatic comment on behalf of
Log: Fix #79503: Memory leak on duplicate metadata
 [2020-04-22 13:10 UTC]
-Status: Open +Status: Closed
 [2020-04-22 13:10 UTC]
-Assigned To: +Assigned To: cmb
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Jun 06 20:03:36 2023 UTC