PHP :: Bug #70064 :: imagescale(..., IMG_BICUBIC) leaks memory
| Bug #70064 | imagescale(..., IMG_BICUBIC) leaks memory | ||||
|---|---|---|---|---|---|
| Submitted: | 2015-07-13 13:14 UTC | Modified: | 2015-07-13 16:25 UTC | ||
| From: | cmb@php.net | Assigned: | cmb (profile) | ||
| Status: | Closed | Package: | GD related | ||
| PHP Version: | 7.0Git-2015-07-13 (Git) | OS: | * | ||
| Private report: | No | CVE-ID: | None | ||
[2015-07-13 13:14 UTC] cmb@php.net
Description: ------------ Apparently, imagescale(..., IMG_BICUBIC) leaks memory. Test script: --------------- <?php $im = imagecreatetruecolor(256, 256); imagescale($im, 32, 32, IMG_BICUBIC); imagedestroy($im); ?> Expected result: ---------------- Actual result: -------------- [Mon Jul 13 15:11:26 2015] Script: '/home/cmb/test.php' /home/cmb/php-src/ext/gd/libgd/gd.c(202) : Freeing 0x7FC6B1657680 (32 bytes), s cript=/home/cmb/test.php /home/cmb/php-src/Zend/zend_alloc.c(2266) : Actual location (location was relaye d) Last leak repeated 255 times [Mon Jul 13 15:11:26 2015] Script: '/home/cmb/test.php' /home/cmb/php-src/ext/gd/libgd/gd.c(193) : Freeing 0x7FC6B165AE00 (2048 bytes), script=/home/cmb/test.php [Mon Jul 13 15:11:26 2015] Script: '/home/cmb/test.php' /home/cmb/php-src/ext/gd/libgd/gd.c(194) : Freeing 0x7FC6B165B800 (2048 bytes), script=/home/cmb/test.php [Mon Jul 13 15:11:26 2015] Script: '/home/cmb/test.php' /home/cmb/php-src/ext/gd/libgd/gd.c(201) : Freeing 0x7FC6B1680000 (128 bytes), script=/home/cmb/test.php /home/cmb/php-src/Zend/zend_alloc.c(2266) : Actual location (location was relaye d) Last leak repeated 255 times === Total 514 memory leaks detected ===
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2015-07-13 13:15 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
[2015-07-13 16:25 UTC] cmb@php.net
-Status: Assigned +Status: Analyzed
[2015-07-13 16:25 UTC] cmb@php.net
Well, actually the test script should have been: <?php $im = imagecreatetruecolor(256, 256); imagedestroy(imagescale($im, 32, 32, IMG_BICUBIC)); imagedestroy($im); ?> but that doesn't change the result. The problem is that a temporary image is freed with gdFree() instead of gdImageDestroy(). I've already reported that upstream[1]. [1] <https://github.com/libgd/libgd/issues/173>[2015-07-13 16:39 UTC] cmb@php.net
-Status: Analyzed +Status: Closed