Newsgroups: php.internals
Message-ID: <47ABEEB0.4000701@chiaraquartet.net>
Date: Thu, 07 Feb 2008 23:54:56 -0600
To: internals Mailing List
Subject: bug in ext/zlib?
From: greg@chiaraquartet.net (Gregory Beaver)

Hi,

I'm having a terrible time removing a memory leak in pecl/phar that is caused by a zval_dtor() call in zlib_filter.c. I think the source of the problem is that zlib_filter's creation function uses SEPARATE_ZVAL() to separate from the passed-in filter parameters. Unfortunately, I don't think this can work, because in many cases, the zval passed in will not be separated (refcount is <= 1), and so the original zval is freed, causing a double free.

I'm referring specifically to these lines:

http://lxr.php.net/source/php-src/ext/zlib/zlib_filter.c#368

Is there any reason not to switch out the SEPARATE_ZVAL() call to a straightforward oldzval = tmpzval/ALLOC_ZVAL()/*tmpzval = *oldzval/zval_copy_ctor(tmpzval)? This would prevent any possibility of modifying the original zval.

Greg
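
The aliasing pattern described in the message above, as an added example that is not part of the original post and is not PHP source code. It is a simplified model: the val type and every function name are hypothetical stand-ins, and the payload pointer is set to NULL on destruction so the model can report the damage instead of actually freeing twice.

```c
#include <stdlib.h>
#include <string.h>

/* Toy refcounted string value. A simplified stand-in, not PHP's zval. */
typedef struct { int refcount; char *str; } val;

static val *val_new(const char *s, int refcount) {
    val *v = malloc(sizeof *v);
    v->refcount = refcount;
    v->str = malloc(strlen(s) + 1);
    strcpy(v->str, s);
    return v;
}

/* Deep copy with a fresh refcount of 1 (the allocate + copy-construct step). */
static val *val_copy(const val *v) { return val_new(v->str, 1); }

/* Destroy the payload only; NULL marks it as gone so the model stays safe. */
static void val_dtor(val *v) { free(v->str); v->str = NULL; }

/* Copy-if-shared: an unshared value is handed back as the same pointer. */
static val *separate_if_shared(val *v) {
    if (v->refcount <= 1) return v;
    v->refcount--;
    return val_copy(v);
}

/* Pattern under discussion: separate, use, destroy the temporary.
 * Returns 1 if the caller's value lost its payload as a side effect. */
static int create_with_separate(val *param) {
    val *tmp = separate_if_shared(param);
    val_dtor(tmp);                    /* tmp may alias param */
    if (tmp != param) free(tmp);
    return param->str == NULL;
}

/* Proposed alternative: always work on a private copy. */
static int create_with_copy(val *param) {
    val *tmp = val_copy(param);
    val_dtor(tmp);
    free(tmp);
    return param->str == NULL;
}

int main(void) {
    val *solo = val_new("15", 1), *shared = val_new("15", 2);
    int bad = create_with_separate(solo), ok = create_with_separate(shared);
    return (bad == 1 && ok == 0) ? 0 : 1;
}
```

In the unshared case the caller still believes it owns the payload, so its own later cleanup is the second free.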