ID: 44446
User updated by: manuel at mausz dot at
Reported By: manuel at mausz dot at
Status: Open
Bug Type: *General Issues
Operating System: Linux + Windows
PHP Version: 5.2.6RC2
New Comment:
Hello,
sorry, you're right. I overlooked that free at the end.
But then d won't be freed if VCWD_POPEN fails and the code jumps to the
"err"-label.
And no, I don't have a script. I just looked at the safe_mode_exec_dir
code and found that issue.
Previous Comments:
------------------------------------------------------------------------
[2008-03-16 18:07:54] [EMAIL PROTECTED]
Hello, do you have a reproduce script?
I don't see a leak here.
We have:
if (...) {
    /* ... */
    cmd_p = php_escape_shell_cmd(d);
    efree(d);
    d = cmd_p;
} else {
    cmd_p = cmd;
}
and:
if (d) {
    efree(d);
}
Destined to free the escaped cmd.
------------------------------------------------------------------------
[2008-03-16 16:19:59] manuel at mausz dot at
That's the correct patch:
--- php-5.2.5/ext/standard/exec.c.orig 2008-03-16 17:15:28.000000000
+0100
+++ php-5.2.5/ext/standard/exec.c 2008-03-16 17:16:26.000000000
+0100
@@ -87,7 +87,7 @@
efree(d);
d = cmd_p;
} else {
- cmd_p = cmd;
+ cmd_p = estrdup(cmd);
}
#if PHP_SIGCHILD
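Review bot: In the else branch, `cmd_p = estrdup(cmd);` adds a copy whose only purpose is to make a later unconditional `efree(cmd_p)` valid, while the context lines above it (`efree(d); d = cmd_p;`) leave `d` and `cmd_p` pointing at the same buffer in the escaped branch. The function then has two owning pointers for one allocation on one path and a single owner on the other. It would be simpler to keep `cmd_p = cmd;` and treat `d` as the only owner of the escaped string, freeing it once at a point that both the normal path and the `err` label reach.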
@@ -99,6 +99,7 @@
#else
fp = VCWD_POPEN(cmd_p, "r");
#endif
+ efree(cmd_p);
if (!fp) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to
fork [%s]", cmd);
goto err;
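Review bot: The `efree(cmd_p);` added after `#endif` releases the buffer that `d` still points to whenever the escaped branch ran (`d = cmd_p;` in the previous hunk), so the `if (d) { efree(d); }` cleanup quoted earlier in this thread would free it a second time. Either set `d = NULL` right after this `efree`, or drop this line and rely on the single `efree(d)`, making sure that one is also reached from `err`.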
------------------------------------------------------------------------
[2008-03-16 15:59:13] manuel at mausz dot at
Description:
------------
There's a memory leak in php_exec. The escaped command never gets
freed.
--- ./ext/standard/exec.c.orig 2008-03-16 16:52:08.000000000 +0100
+++ ./ext/standard/exec.c 2008-03-16 16:51:54.000000000 +0100
@@ -116,6 +116,7 @@
#else
fp = VCWD_POPEN(cmd_p, "r");
#endif
+ efree(cmd_p);
if (!fp) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to
fork [%s]", cmd);
goto err;
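Review bot: The added `efree(cmd_p);` runs on both branches, but when no escaping was done the code has `cmd_p = cmd;` (the line the later patch replaces), so here it frees the caller's string rather than memory allocated in this function. In the escaped branch `d` aliases the same buffer, so the `if (d)` cleanup quoted in the reply would release it again. Freeing through `d` only, on a path that `err` also reaches, avoids both problems.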
------------------------------------------------------------------------