Fixed memory leak introduced by 7cb5bdf
dstogov committed Jul 10, 2017
1 parent 2283b6f commit 7be2637
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions ext/standard/var_unserializer.re
Expand Up @@ -391,7 +391,7 @@ static zend_always_inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTab
ZVAL_UNDEF(&key);

if (!php_var_unserialize_internal(&key, p, max, NULL)) {
zval_dtor(&key);
zval_ptr_dtor(&key);
return 0;
}

Expand Down Expand Up @@ -421,7 +421,7 @@ numeric_key:
data = zend_hash_add_new(ht, Z_STR(key), &d);
}
} else {
zval_dtor(&key);
zval_ptr_dtor(&key);
return 0;
}
} else {
Expand All @@ -435,7 +435,7 @@ string_key:
size_t unmangled_prop_len;

if (UNEXPECTED(zend_unmangle_property_name_ex(Z_STR(key), &unmangled_class, &unmangled_prop, &unmangled_prop_len) == FAILURE)) {
zval_dtor(&key);


tpunt Jul 10, 2017

Contributor

Can this leak, given that key will only be a string here?


dstogov Jul 10, 2017

Author Member

The reason for the leak is line 468.
I suppose that, the first time, the key was created as an interned string, with the corresponding zval flags, and then the string value was changed (but not the zval flags). As a result, the following zval_dtor/zval_ptr_dtor didn't release the new string.

In any case, it's safer to use zval_ptr_dtor(), especially if the reference counter may be updated.

zval_ptr_dtor(&key);
return 0;
}

Expand Down Expand Up @@ -465,7 +465,7 @@ string_key:
new_key = unmangled;
}
zend_string_release(Z_STR(key));
Z_STR(key) = new_key;
ZVAL_STR(&key, new_key);
} else {
zend_string_release(unmangled);
}
Expand All @@ -485,13 +485,13 @@ string_key:
convert_to_string(&key);
goto string_key;
} else {
zval_dtor(&key);
zval_ptr_dtor(&key);
return 0;
}
}

if (!php_var_unserialize_internal(data, p, max, var_hash)) {
zval_dtor(&key);
zval_ptr_dtor(&key);
return 0;
}

Expand All @@ -505,7 +505,7 @@ string_key:
var_push_dtor(var_hash, data);
}

zval_dtor(&key);
zval_ptr_dtor(&key);

if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
(*p)--;
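Review bot: The `zval_ptr_dtor(&key); return 0;` pair is now repeated at five failure exits of process_nested_data (the hunks at 391, 421 and 435, and both exits in the hunk at 485), so any exit added later without it would leak the key again when unserializing malformed input. The function already uses labels (`numeric_key`, `string_key`), so a single exit such as `failure: zval_ptr_dtor(&key); return 0;` reached through `goto failure;` would keep the release in one place. The function body starts and ends outside the visible hunks, so whether such a label fits the surrounding control flow has to be checked against the full file. The page shows only one changed file, so no regression test for the leaking key path accompanies the fix; adding one would guard this path against a repeat.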

1 comment on commit 7be2637

Contributor

@pmmaga pmmaga commented on 7be2637 Jul 10, 2017


Thanks! Sorry it slipped through.
