[PATCH] memory leak if offsetGet throws exception (PHP_5_2 branch only!)
| Bug #45327 | [PATCH] memory leak if offsetGet throws exception (PHP_5_2 branch only!) | ||||
|---|---|---|---|---|---|
| Submitted: | 2008-06-21 17:36 UTC | Modified: | 2009-02-17 17:09 UTC | ||
| From: | cellog@php.net | Assigned: | dmitry (profile) | ||
| Status: | Closed | Package: | Scripting Engine problem | ||
| PHP Version: | 5.2CVS-2008-06-21 | OS: | linux 64bit | ||
| Private report: | No | CVE-ID: | None | ||
[2008-06-21 17:36 UTC] cellog@php.net
Description: ------------ ext/phar's test phar_offset_get_error.phpt fails with leaked memory in zend_execute_API.c:1023, which is where retval is allocated. It turns out that if offsetGet() throws an exception, zend_std_read_dimension() does not free the return zval, and it leaks. This only affects PHP 5.2. The patch to fix is at http://pear.php.net/~greg/fix_leak.patch.txt and is pasted below Reproduce code: --------------- Index: Zend/zend_object_handlers.c =================================================================== RCS file: /repository/ZendEngine2/zend_object_handlers.c,v retrieving revision 1.135.2.6.2.28 diff -u -r1.135.2.6.2.28 zend_object_handlers.c --- Zend/zend_object_handlers.c 21 Feb 2008 13:55:22 -0000 1.135.2.6.2.28 +++ Zend/zend_object_handlers.c 21 Jun 2008 17:33:18 -0000 @@ -469,6 +469,10 @@ return 0; } + if (EG(exception)) { + zval_ptr_dtor(&retval); + return 0; + } /* Undo PZVAL_LOCK() */ retval->refcount--;
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2008-09-02 13:44 UTC] dmitry@php.net
[2008-09-02 16:14 UTC] cellog@php.net
[2009-02-17 17:09 UTC] iliaa@php.net