Bug #61087 [PATCH]: Memory leak in parse_ini_file when specifying invalid scanner mode

Tue, 14 Feb 2012 10:00:41 -0800 

Edit report at https://bugs.php.net/bug.php?id=61087&edit=1

 ID:                 61087
 Patch added by:     ni...@php.net
 Reported by:        ni...@php.net
 Summary:            Memory leak in parse_ini_file when specifying
                     invalid scanner mode
 Status:             Open
 Type:               Bug
 Package:            *General Issues
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

The following patch has been added/updated:

Patch Name: parse_ini_file_memleak.patch
Revision:   1329242430
URL:        
https://bugs.php.net/patch-display.php?bug=61087&patch=parse_ini_file_memleak.patch&revision=1329242430


Previous Comments:
------------------------------------------------------------------------
[2012-02-14 17:51:09] ni...@php.net

Description:
------------
parse_ini_file('emptyFile', false, 26);

Leaks:


Warning: Invalid scanner mode in /home/nikic/dev/my-
fuzzer/reproduceCode5_memoryLeak.php on line 3
[Tue Feb 14 18:36:56 2012]  Script:  'reproduceCode5_memoryLeak.php'
/home/nikic/dev/php-src/main/streams/plain_wrapper.c(910) :  Freeing 0xB780BE94 
(36 bytes), script=reproduceCode5_memoryLeak.php
[Tue Feb 14 18:36:56 2012]  Script:  'reproduceCode5_memoryLeak.php'
/home/nikic/dev/php-src/Zend/zend_stream.c(280) :  Freeing 0xB780C908 (32 
bytes), script=reproduceCode5_memoryLeak.php
=== Total 2 memory leaks detected ===

The reason is that the file handle is not closed correctly.

I was able to fix it using this simple patch:

diff --git a/Zend/zend_ini_scanner.c b/Zend/zend_ini_scanner.c
index 85fc74d..3b4e217 100644
--- a/Zend/zend_ini_scanner.c
+++ b/Zend/zend_ini_scanner.c
@@ -230,9 +230,12 @@ int zend_ini_open_file_for_scanning(zend_file_handle *fh, i
        char *buf;
        size_t size;
 
-       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE ||
-               init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE
-       ) {
+       if (zend_stream_fixup(fh, &buf, &size TSRMLS_CC) == FAILURE) {
+               return FAILURE;
+       }
+
+       if (init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE) {
+               zend_file_handle_dtor(fh TSRMLS_CC);
                return FAILURE;
        }



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61087&edit=1

Reply via email to