SQLite3 callback functions cause a memory leak with a callable array

[youkidearitai]

Description

I'm trying phpdoc on http://doc.php.net/tutorial/local-setup.php, then displays memory leak. (My PHP environment is include --enable-debug)

$ ~/php_master/bin/php -i | less
Configure Command =>  './configure'  '--enable-mbstring' '--enable-debug' '--prefix=/Users/tekimen/php_master' '--with-iconv=/opt/homebrew/opt/libiconv' '--enable-bcmath' '--with-zlib'

The following code:

~/php_master/bin/php -d 'ini_set("memory_limit", -1);'  phd/render.php --docbook doc-base/.manual.xml --package PHP --format xhtml

Resulted in this output:

PHP:  syntax error, unexpected '(' in Unknown on line 7
[02:40:04 - Rendering Style       ] Running full build
[02:40:04 - Indexing              ] Skipping indexing
[02:40:04 - Rendering Style       ] Running full build
[02:40:04 - Rendering Format      ] Starting PHP-Chunked-XHTML rendering
[02:40:05 - E_USER_WARNING        ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:635
	Impossible to copy the http://www.php.net/styles/theme-base.css file.
[02:40:05 - E_USER_WARNING        ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:635
	Impossible to copy the http://www.php.net/styles/theme-medium.css file.
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:13 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:18 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:21 - Rendering Format      ] Writing search indexes..
[02:40:21 - Rendering Format      ] Index written
[02:40:21 - Rendering Format      ] Finished rendering
[Sat Aug  5 11:40:21 2023]  Script:  '/Users/tekimen/src/phpdoc/phd/render.php'
/Users/tekimen/src/php-src/Zend/zend_objects_API.h(92) :  Freeing 0x00000001020f32a0 (176 bytes), script=/Users/tekimen/src/phpdoc/phd/render.php
[Sat Aug  5 11:40:21 2023]  Script:  '/Users/tekimen/src/phpdoc/phd/render.php'
/Users/tekimen/src/php-src/Zend/zend_objects.c(187) :  Freeing 0x0000000105d08f00 (104 bytes), script=/Users/tekimen/src/phpdoc/phd/render.php
Last leak repeated 3 times
=== Total 5 memory leaks detected ===

But I expected this output instead:

I expected displays nothing about memory leak.

PHP:  syntax error, unexpected '(' in Unknown on line 7
[02:40:04 - Rendering Style       ] Running full build
[02:40:04 - Indexing              ] Skipping indexing
[02:40:04 - Rendering Style       ] Running full build
[02:40:04 - Rendering Format      ] Starting PHP-Chunked-XHTML rendering
[02:40:05 - E_USER_WARNING        ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:635
	Impossible to copy the http://www.php.net/styles/theme-base.css file.
[02:40:05 - E_USER_WARNING        ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:635
	Impossible to copy the http://www.php.net/styles/theme-medium.css file.
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:06 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:13 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:18 - E_DEPRECATED          ] /Users/tekimen/src/phpdoc/phd/phpdotnet/phd/Package/Generic/XHTML.php:915
	Increment on non-alphanumeric string is deprecated
[02:40:21 - Rendering Format      ] Writing search indexes..
[02:40:21 - Rendering Format      ] Index written
[02:40:21 - Rendering Format      ] Finished rendering

PHP Version

PHP 8.3.0 (master)

Operating System

macOS 13.4.1

[ndossche]

Hmm. Applying GH-11850 does not solve the issue.
EDIT: this is unrelated to the increment/decrement changes, this also reproduces on 8.1 & 8.2

[ndossche]

I managed to build a reproducer that reproduces the underlying issue on 8.1 and higher.

<?php
class Foo {
    public $sqlite;
    public function __construct() {
        $this->sqlite = new SQLite3(":memory:");
        $this->sqlite->createAggregate("indexes", array($this, "SQLiteIndex"), array($this, "SQLiteFinal"), 9);
    }
    public function SQLiteIndex() {}
    public function SQLiteFinal() {}
}

$x = new Foo;

[ndossche]

I think the problem is that we ZVAL_COPY the function name from the fci, but the fci is never destroyed. This means the refcount increase of the fci will never be decreased.
A simple fix would be to transfer the ownership of the function names, i.e. use ZVAL_COPY_VALUE instead of ZVAL_COPY.
I'll try that. EDIT: no, that doesn't actually fix it properly
EDIT 2: I think I got it, and I think the root cause is an engine issue, so relabelling that...