#46948 [Opn]: ext/date/lib/parse_tz.c:99: Memory leak: buffer

Fri, 26 Dec 2008 19:10:23 -0800 

 ID:               46948
 Updated by:       [email protected]
 Reported By:      dvice_null at yahoo dot com
 Status:           Open
 Bug Type:         Unknown/Other Function
 Operating System: Not relevant
 PHP Version:      6CVS-2008-12-26 (CVS)
 New Comment:

I think something like this:

Index: ext/date/lib/parse_tz.c
===================================================================
RCS file: /repository/php-src/ext/date/lib/parse_tz.c,v
retrieving revision 1.20.2.6.2.13.2.4
diff -u -p -r1.20.2.6.2.13.2.4 parse_tz.c
--- ext/date/lib/parse_tz.c     9 Aug 2008 22:01:08
-0000   1.20.2.6.2.13.2.4
+++ ext/date/lib/parse_tz.c     26 Dec 2008 21:47:20 -0000
@@ -100,6 +100,7 @@ static void read_transistions(char **tzf
 
                cbuffer = (unsigned char*) malloc(tz->timecnt * sizeof(unsigned
char));
                if (!cbuffer) {
+                       free(buffer);
                        return;
                }
                memcpy(cbuffer, *tzf, sizeof(unsigned char) * tz->timecnt);
@@ -125,6 +126,7 @@ static void read_types(char **tzf, timel
 
        tz->type = (ttinfo*) malloc(tz->typecnt * sizeof(struct ttinfo));
        if (!tz->type) {
+               free(buffer);
                return;
        }
 
@@ -153,6 +155,9 @@ static void read_types(char **tzf, timel
 
                tz->leap_times = (tlinfo*) malloc(tz->leapcnt * sizeof(tlinfo));
                if (!tz->leap_times) {
+                       free(leap_buffer);
+                       free(tz->timezone_abbr);
+                       free(tz->types);
                        return;
                }
                for (i = 0; i < tz->leapcnt; i++) {



Previous Comments:
------------------------------------------------------------------------

[2008-12-26 21:11:53] dvice_null at yahoo dot com

Two similar problems in the same file. Let me know if you want separate
bug reports about these:

----------------

ext/date/lib/parse_tz.c:124]: Memory leak: buffer

if (!tz->type) {
  return;
}

----------------

ext/date/lib/parse_tz.c:152: Memory leak: leap_buffer

if (!tz->leap_times) {
  return;
}

------------------------------------------------------------------------

[2008-12-26 20:55:43] dvice_null at yahoo dot com

Description:
------------
In file ext/date/lib/parse_tz.c:99: 
Variable "buffer" leaks memory if "cbuffer" is null in this code:

if (!cbuffer) {
  return;
}


This bug was found using cppcheck:
http://cppcheck.wiki.sourceforge.net/



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=46948&edit=1

Reply via email to