Fix memory leak on Randomizer::__construct() call twice (#9091)

When Radomizer::__construct() was called with no arguments, Randomizer\Engine\Secure was implicitly instantiate and memory was leaking. Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
php · Jul 23, 2022 · 34b352d · 34b352d
1 parent 3c37290
commit 34b352d
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 0 deletions.
diff --git a/NEWS b/NEWS
@@ -24,6 +24,8 @@ PHP                                                                        NEWS
   . Fixed bug GH-9083 (undefined behavior during shifting). (timwolla)
   . Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when
     generating uniform integers within a given range). (timwolla)
+  . Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct()
+    call twice) (zeriyoshi)
 
 21 Jul 2022, PHP 8.2.0beta1
 

diff --git a/ext/random/randomizer.c b/ext/random/randomizer.c
@@ -70,6 +70,11 @@ PHP_METHOD(Random_Randomizer, __construct)
 		Z_PARAM_OBJ_OF_CLASS_OR_NULL(engine_object, random_ce_Random_Engine);
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (randomizer->algo) {
+		zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Cannot call constructor twice");
+		RETURN_THROWS();
+	}
+
 	/* Create default RNG instance */
 	if (!engine_object) {
 		engine_object = random_ce_Random_Engine_Secure->create_object(random_ce_Random_Engine_Secure);

diff --git a/ext/random/tests/03_randomizer/construct_twice.phpt b/ext/random/tests/03_randomizer/construct_twice.phpt
@@ -0,0 +1,40 @@
+--TEST--
+Random: Randomizer: Disallow manually calling __construct
+--FILE--
+<?php
+
+final class UserEngine implements \Random\Engine
+{
+    public function generate(): string
+    {
+        return \random_byte(4); /* 32-bit */
+    }
+}
+
+try {
+    (new \Random\Randomizer())->__construct();
+} catch (\BadMethodCallException $e) {
+    echo $e->getMessage() . PHP_EOL;
+}
+
+try {
+    $r = new \Random\Randomizer(new \Random\Engine\Xoshiro256StarStar());
+    $r->__construct(new \Random\Engine\PcgOneseq128XslRr64());
+} catch (\BadMethodCallException $e) {
+    echo $e->getMessage() . PHP_EOL;
+}
+
+try {
+    $r = new \Random\Randomizer(new \UserEngine());
+    $r->__construct(new \UserEngine());
+} catch (\BadMethodCallException $e) {
+    echo $e->getMessage() . PHP_EOL;
+}
+
+die('success');
+?>
+--EXPECT--
+Cannot call constructor twice
+Cannot call constructor twice
+Cannot call constructor twice
+success