clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix GH-10755: Memory leak in phar_rename_archive()

Browse Source 
In phar_renmae_archive() context, added one reference but immediately
destroyed another, so do not need to increase refcount. With removal of
refcount++ line, PHP/Zend no longer reports memory leak.
Updated bug69958.phpt test file accordingly.

Closes GH-10856
This commit is contained in:
Su, Tao 2023-03-14 00:48:03 -07:00 committed by Ilija Tovilo
parent 5efd60ea90
commit edae24313d
No known key found for this signature in database
GPG Key ID: A4F5D403F118200A
3 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -98,6 +98,9 @@ PHP NEWS
. pg_fetch_object raises a ValueError instead of an Exception.
(David Carlier)
- Phar:
. Fix memory leak in phar_rename_archive(). (stkeke)
- Posix:
. Added posix_sysconf. (David Carlier)
. Added posix_pathconf. (David Carlier)

4
ext/phar/phar_object.c
View File

@ -2113,10 +2113,12 @@ static zend_object *phar_rename_archive(phar_archive_data **sphar, char *ext) /*
pphar->flags = phar->flags;
pphar->fp = phar->fp;
phar->fp = NULL;
/* FIX: GH-10755 Double-free issue caught by ASAN check */
pphar->alias = phar->alias; /* Transfer alias to pphar to */
phar->alias = NULL; /* avoid being free'd twice */
phar_destroy_phar_data(phar);
*sphar = NULL;
phar = pphar;
phar->refcount++;
newpath = oldpath;
goto its_ok;
}

8
ext/phar/tests/bug69958.phpt
View File

@ -1,7 +1,5 @@
--TEST--
Phar: bug #69958: Segfault in Phar::convertToData on invalid file
--XFAIL--
Still has memory leaks, see https://bugs.php.net/bug.php?id=70005
--EXTENSIONS--
phar
--FILE--
@ -10,8 +8,8 @@ $tarphar = new PharData(__DIR__.'/bug69958.tar');
$phar = $tarphar->convertToData(Phar::TAR);
?>
--EXPECTF--
Fatal error: Uncaught BadMethodCallException: phar "%s/bug69958.tar" exists and must be unlinked prior to conversion in %s/bug69958.php:%d
Fatal error: Uncaught BadMethodCallException: phar "%sbug69958.tar" exists and must be unlinked prior to conversion in %sbug69958.php:%d
Stack trace:
#0 %s/bug69958.php(%d): PharData->convertToData(%d)
#0 %sbug69958.php(%d): PharData->convertToData(%d)
#1 {main}
thrown in %s/bug69958.php on line %d
thrown in %sbug69958.php on line %d