Hey all,
In main/SAPI.c's sapi_startup, sf->ini_entries is set to NULL but is not freed, which can cause a memory leak, e.g. in sapi/embed/php_embed.c which calls that function after mallocing ini_entries (php_embed.c tries to free that memory later, but the free is guarded by a check on ini_entries which fails because it is already NULL).
--- php-5.2.5/main/SAPI.c 2007-05-25 12:20:01.000000000 +0300
+++ php-5.2.5-fixed/main/SAPI.c 2008-03-25 13:12:53.000000000 +0200
@@ -76,7 +76,10 @@
SAPI_API void sapi_startup(sapi_module_struct *sf)
{
-
sf->ini_entries = NULL;
-
if (sf->ini_entries) {
-
free(sf->ini_entries);
-
sf->ini_entries = NULL;
-
} sapi_module = *sf;
#ifdef ZTS
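Review bot: the free() this hunk adds to sapi_startup() assumes sf->ini_entries already holds either NULL or a live heap pointer on entry, but sapi_startup() is the routine that initializes that field, so a SAPI that has not zeroed its sapi_module_struct beforehand would pass an indeterminate value to free(). The leak described above is an ordering problem on the embed side (php_embed.c allocates ini_entries before calling sapi_startup(), which then overwrites the only pointer); the safer change is to have the embed SAPI allocate ini_entries only after sapi_startup() has run, and keep the unconditional `sf->ini_entries = NULL;` as the initialization point.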
Hello Osman,
thanks for finding this bug. I fixed the embed sapi however for all active branches so that the first version with the fix is 5.2.6. The reason to not apply your patch is that we expect sapi_startup() to be able to set ini_entries to NULL and in fact this is supposed to not be used before this initialization.
marcus
Tuesday, March 25, 2008, 12:25:38 PM, you wrote:
Hey all,
In main/SAPI.c's sapi_startup, sf->ini_entries is set to NULL but is not freed, which can cause a memory leak, e.g. in sapi/embed/php_embed.c which calls that function after mallocing ini_entries (php_embed.c tries to free that memory later, but the free is guarded by a check on ini_entries which fails because it is already NULL).
--- php-5.2.5/main/SAPI.c 2007-05-25 12:20:01.000000000 +0300
+++ php-5.2.5-fixed/main/SAPI.c 2008-03-25 13:12:53.000000000 +0200
@@ -76,7 +76,10 @@
SAPI_API void sapi_startup(sapi_module_struct *sf)
{
sf->ini_entries = NULL;
if (sf->ini_entries) {
free(sf->ini_entries);
sf->ini_entries = NULL;
} sapi_module = *sf;
#ifdef ZTS
Best regards,
Marcus
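A constructed C model of the ordering bug discussed in this thread, added here as an example and not code from PHP: a struct field that a startup routine initializes to NULL (as sapi_startup() does), a SAPI that allocates that field before versus after the startup call, and an allocation counter that shows which order leaks. The struct, function names and INI string are made up for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model (not PHP's code) of the ordering bug in the thread:
 * a SAPI struct that owns ini_entries, and a startup that, like
 * sapi_startup(), initializes the field to NULL without freeing it. */
typedef struct { char *ini_entries; } sapi_module_model;
static int live_allocs = 0;   /* outstanding heap blocks, to detect leaks */
static void model_sapi_startup(sapi_module_model *sf)
{
    sf->ini_entries = NULL;   /* initialization point; frees nothing */
}
static char *alloc_ini(const char *text)
{
    char *p = malloc(strlen(text) + 1);
    if (p) { strcpy(p, text); live_allocs++; }
    return p;
}
/* Guarded free, as php_embed.c does at shutdown. */
static void model_shutdown(sapi_module_model *sf)
{
    if (sf->ini_entries) {
        free(sf->ini_entries);
        sf->ini_entries = NULL;
        live_allocs--;
    }
}

/* Buggy order: malloc before startup; startup drops the only pointer,
 * so the guarded free at shutdown never runs. Returns leaked blocks. */
int embed_init_leaky(void)
{
    sapi_module_model m;
    int before = live_allocs;
    m.ini_entries = alloc_ini("html_errors=0\n");
    model_sapi_startup(&m);
    model_shutdown(&m);
    return live_allocs - before;   /* 1 */
}

/* Fixed order (the embed-side fix): startup first, allocate afterwards. */
int embed_init_fixed(void)
{
    sapi_module_model m;
    int before = live_allocs;
    model_sapi_startup(&m);
    m.ini_entries = alloc_ini("html_errors=0\n");
    model_shutdown(&m);
    return live_allocs - before;   /* 0 */
}
```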