Newsgroups: php.internals
Date: Wed, 26 Mar 2008 14:24:19 +0100
Message-ID: <915690106.20080326142419@marcus-boerger.de>
To: Osman A. Osman (عثمان)
CC: internals@lists.php.net
Subject: Re: [PHP-DEV] [PATCH] Pointer reset to NULL but not freed (in SAPI.c)
From: helly@php.net (Marcus Boerger)

Hello Osman,

thanks for finding this bug. I fixed the embed sapi however for all active branches so that the first version with the fix is 5.2.6. The reason to not apply your patch is that we expect sapi_startup() to be able to set ini_entries to NULL and in fact this is supposed to not be used before this initialization.

marcus

Tuesday, March 25, 2008, 12:25:38 PM, you wrote:

> Hey all,
> In main/SAPI.c's sapi_startup, sf->ini_entries is set to NULL but is not
> freed, which can cause a memory leak, e.g. in sapi/embed/php_embed.c which
> calls that function after mallocing ini_entries (php_embed.c tries to free
> that memory later, but the free is guarded by a check on ini_entries which
> fails because it is already NULL).
> --- php-5.2.5/main/SAPI.c 2007-05-25 12:20:01.000000000 +0300
> +++ php-5.2.5-fixed/main/SAPI.c 2008-03-25 13:12:53.000000000 +0200
> @@ -76,7 +76,10 @@
> SAPI_API void sapi_startup(sapi_module_struct *sf)
> {
> - sf->ini_entries = NULL;
> + if (sf->ini_entries) {
> + free(sf->ini_entries);
> + sf->ini_entries = NULL;
> + }
> sapi_module = *sf;
> #ifdef ZTS

Best regards,
Marcus
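Review bot: the added `if (sf->ini_entries) { free(sf->ini_entries); ... }` block in sapi_startup() makes the shared startup routine take ownership of a buffer it has no allocation information about; it only works if every SAPI that ever populates ini_entries before calling sapi_startup() did so with malloc(), and free() on anything else is undefined behaviour. As the reply states, the contract is the other way round: ini_entries is not supposed to be used before sapi_startup() has initialised it, so the leak reported is an ordering bug in sapi/embed/php_embed.c (it mallocs ini_entries, then calls sapi_startup(), which discards the pointer and defeats the guarded free). The fix belongs in php_embed.c, by allocating ini_entries only after sapi_startup() has run, leaving the `sf->ini_entries = NULL;` line in main/SAPI.c as it was.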
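The ordering mistake described in the quoted report, shown on a mock of the SAPI struct rather than PHP's real sapi_module_struct (added example, not code from the PHP source or from either poster). `mock_sapi_startup()` mirrors the one behaviour that matters here, unconditionally resetting `ini_entries` to NULL; `leaked_blocks` is a constructed counter so the orphaned allocation can be observed without a leak checker. The first embedder allocates before startup and loses the block; the second allocates after startup, which is the ordering the reply says the contract requires.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for sapi_module_struct: only the field that the
 * report is about is modelled. */
typedef struct {
    char *ini_entries;
} mock_sapi_module_struct;

/* Mirrors the behaviour the report describes for main/SAPI.c: startup
 * resets ini_entries, so whatever the caller stored there is orphaned. */
static void mock_sapi_startup(mock_sapi_module_struct *sf)
{
    sf->ini_entries = NULL;
}

/* Constructed bookkeeping: +1 per buffer handed to the embedder, -1 per
 * buffer it actually releases. A non-zero result at the end is a leak. */
static int leaked_blocks = 0;

static char *alloc_ini(void)
{
    const char *text = "html_errors=0\nregister_argc_argv=1\n"; /* constructed */
    char *p = malloc(strlen(text) + 1);
    if (p) {
        strcpy(p, text);
        leaked_blocks++;
    }
    return p;
}

/* The guarded free the report attributes to php_embed.c: it only frees
 * when the struct still holds the pointer. */
static void release_ini(mock_sapi_module_struct *sf)
{
    if (sf->ini_entries) {
        free(sf->ini_entries);
        sf->ini_entries = NULL;
        leaked_blocks--;
    }
}

/* Buggy order: allocate, then startup nulls the pointer, so the guarded
 * free is skipped. Returns the number of orphaned blocks (1). */
int embed_allocate_before_startup(void)
{
    mock_sapi_module_struct sf = {0};
    leaked_blocks = 0;
    sf.ini_entries = alloc_ini();
    char *orphan = sf.ini_entries;   /* kept only so this demo can clean up */
    mock_sapi_startup(&sf);          /* discards the pointer */
    release_ini(&sf);                /* no-op: sf.ini_entries is NULL */
    int leaked = leaked_blocks;
    free(orphan);                    /* the real embedder has no such copy */
    return leaked;
}

/* Correct order: let startup initialise the struct first, then populate
 * ini_entries. The guarded free now sees the pointer. Returns 0. */
int embed_allocate_after_startup(void)
{
    mock_sapi_module_struct sf = {0};
    leaked_blocks = 0;
    mock_sapi_startup(&sf);
    sf.ini_entries = alloc_ini();
    release_ini(&sf);
    return leaked_blocks;
}

int main(void)
{
    /* Non-zero exit if the buggy ordering does not leak or the fixed one does. */
    return (embed_allocate_before_startup() == 1 &&
            embed_allocate_after_startup() == 0) ? 0 : 1;
}
```

Running the real embed SAPI under a leak checker would show the same thing as the counter here: a malloc()ed block that no live pointer references once sapi_startup() returns. Moving the allocation after the startup call, not freeing inside sapi_startup(), is the change that keeps ownership with the code that allocated.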