Browse files

Fix PECL Bug #18639, double free in getServerByKey.

Bug report and fix, courtesy of Kevin Bowman.
  • Loading branch information...
1 parent 55628f2 commit dc47bf7092e9d02930acc11d3ebeb8e0808ca4fd @tricky tricky committed Sep 14, 2010
Showing with 29 additions and 1 deletion.
  1. +6 −1 php_memcached.c
  2. +23 −0 tests/bug_18639.phpt
View
7 php_memcached.c
@@ -1823,7 +1823,12 @@ PHP_METHOD(Memcached, getServerByKey)
add_assoc_string(return_value, "host", server->hostname, 1);
add_assoc_long(return_value, "port", server->port);
add_assoc_long(return_value, "weight", server->weight);
- memcached_server_free(server);
+
+ /* memcached_server_add(3) states that the server instance is cloned. */
+ /* In actuality it is not, possibly a bug in libmemcached 0.40. */
+ /* remove server freeing */
+
+ /* memcached_server_free(server); */
}
/* }}} */
View
23 tests/bug_18639.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Memcached::getServerByKey(): Bug pecl#18639 (Segfault in getServerByKet)
+--SKIPIF--
+<?php if (!extension_loaded("memcached")) print "skip"; ?>
+--FILE--
+<?php
+error_reporting(0);
+
+$m = new Memcached();
+$m->addServer('127.0.0.1', 11211);
+var_dump($m->set('test', 'test1'));
+var_dump($m->getServerByKey('1'));
+
+--EXPECTF--
+bool(true)
+array(3) {
+ ["host"]=>
+ string(9) "127.0.0.1"
+ ["port"]=>
+ int(11211)
+ ["weight"]=>
+ int(0)
+}

0 comments on commit dc47bf7

Please sign in to comment.