
#1 March 25, 2008 12:26:25

Osman A.

[PHP-DEV] [PATCH] Pointer reset to NULL but not freed (in SAPI.c)


Hey all,
In main/SAPI.c's sapi_startup, sf->ini_entries is set to NULL but is not
freed, which can cause a memory leak, e.g. in sapi/embed/php_embed.c which
calls that function after mallocing ini_entries (php_embed.c tries to free
that memory later, but the free is guarded by a check on ini_entries which
fails because it is already NULL).


--- php-5.2.5/main/SAPI.c 2007-05-25 12:20:01.000000000 +0300
+++ php-5.2.5-fixed/main/SAPI.c 2008-03-25 13:12:53.000000000 +0200
@@ -76,7 +76,10 @@

SAPI_API void sapi_startup(sapi_module_struct *sf)
{
- sf->ini_entries = NULL;
+ if (sf->ini_entries) {
+ free(sf->ini_entries);
+ sf->ini_entries = NULL;
+ }
sapi_module = *sf;

#ifdef ZTS
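Review bot: the `free(sf->ini_entries);` added at the top of sapi_startup() releases a pointer supplied by the caller, and nothing in this function shows that it came from malloc() or that the field was initialized before the call. A module struct arriving with an uninitialized or non-heap ini_entries would be passed straight to free(). Consider keeping the plain `sf->ini_entries = NULL;` reset and moving the fix to the caller that allocates before calling sapi_startup(), or at minimum add a comment above the function stating that ini_entries must be NULL or malloc-owned on entry.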


#2 March 26, 2008 14:25:02

Marcus B.

[PHP-DEV] [PATCH] Pointer reset to NULL but not freed (in SAPI.c)


Hello Osman,

thanks for finding this bug. I fixed the embed sapi however for all
active branches so that the first version with the fix is 5.2.6. The reason
to not apply your patch is that we expect sapi_startup() to be able to set
ini_entries to NULL and in fact this is supposed to not be used before this
initialization.

marcus

Tuesday, March 25, 2008, 12:25:38 PM, you wrote:

> Hey all,
> In main/SAPI.c's sapi_startup, sf->ini_entries is set to NULL but is not
> freed, which can cause a memory leak, e.g. in sapi/embed/php_embed.c which
> calls that function after mallocing ini_entries (php_embed.c tries to free
> that memory later, but the free is guarded by a check on ini_entries which
> fails because it is already NULL).


> --- php-5.2.5/main/SAPI.c 2007-05-25 12:20:01.000000000 +0300
> +++ php-5.2.5-fixed/main/SAPI.c 2008-03-25 13:12:53.000000000 +0200
> @@ -76,7 +76,10 @@

> SAPI_API void sapi_startup(sapi_module_struct *sf)
> {
> - sf->ini_entries = NULL;
> + if (sf->ini_entries) {
> + free(sf->ini_entries);
> + sf->ini_entries = NULL;
> + }
> sapi_module = *sf;

> #ifdef ZTS
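Review bot: the `if (sf->ini_entries)` guard around the added free() is redundant, since free(NULL) is defined as a no-op, and it leaves the function with two paths where the old code had one unconditional reset. If the free stays at all, the block can be reduced to the free() call followed by the original `sf->ini_entries = NULL;` line, which also keeps the diff to a single added line.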



Best regards,
Marcus
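
The leak reported in the first post, next to a caller-side ordering that avoids it, as an added example that is not part of the thread or of PHP's source. `module_t`, `startup`, `cleanup`, the counter and the sample ini string are hypothetical stand-ins, and attaching the buffer after startup is an assumed fix, not necessarily the change that was committed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for sapi_module_struct: only ini_entries matters here. */
typedef struct { char *ini_entries; } module_t;

static int live_allocs;                 /* heap blocks not yet released */

static char *tracked_dup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}

/* Same reset as the unpatched sapi_startup() line quoted in the thread. */
static void startup(module_t *m) { m->ini_entries = NULL; }

/* Caller's cleanup: the free is guarded by a NULL check, as the report describes. */
static void cleanup(module_t *m) {
    if (m->ini_entries) { free(m->ini_entries); m->ini_entries = NULL; live_allocs--; }
}

/* Order from the report: allocate first, then startup overwrites the pointer. */
int leaked_when_allocated_before_startup(void) {
    module_t m;
    char *block;
    int leaked;
    live_allocs = 0;
    block = tracked_dup("example_setting=1\n");   /* constructed sample value */
    m.ini_entries = block;
    startup(&m);                 /* the struct's only reference is lost here */
    cleanup(&m);                 /* guard sees NULL, free() is skipped */
    leaked = live_allocs;
    free(block);                 /* demo-only cleanup through the local copy */
    return leaked;
}

/* Caller-side ordering (assumed fix): startup first, then attach the buffer. */
int leaked_when_allocated_after_startup(void) {
    module_t m;
    live_allocs = 0;
    startup(&m);
    m.ini_entries = tracked_dup("example_setting=1\n");
    cleanup(&m);                 /* pointer is still set, so the block is freed */
    return live_allocs;
}

int main(void) {
    printf("before startup: %d leaked\n", leaked_when_allocated_before_startup());
    printf("after startup:  %d leaked\n", leaked_when_allocated_after_startup());
    return 0;
}
```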

