Edit report at https://bugs.php.net/bug.php?id=61058&edit=1

 ID:                 61058
 Updated by:         larue...@php.net
 Reported by:        ni...@php.net
 Summary:            array_fill leaks if start index is PHP_INT_MAX
 Status:             Open
 Type:               Bug
 Package:            *General Issues
 PHP Version:        Irrelevant
-Assigned To:
+Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

Fixed in 5.3, trunk, will close this after I merge this fix to 5.4.

Previous Comments:
------------------------------------------------------------------------
[2012-02-12 04:59:07] larue...@php.net

Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&revision=323160
Log: Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX)

------------------------------------------------------------------------
[2012-02-12 04:56:52] larue...@php.net

hmm, I think I should fix this, since this was explored :)

------------------------------------------------------------------------
[2012-02-12 04:42:08] larue...@php.net

There are lots of functions/code that don't check the return value of zend_hash_next_index_insert (and other variants of zend_hash_update_**).

So, IMO, there should be some familiar issues there.

If we only focus on this one, a simple patch will be (but I think it's not needed to fix this, since this is really an intentional behavior :) thanks):

Index: ext/standard/array.c =================================================================== --- ext/standard/array.c (revision 323122) +++ ext/standard/array.c (working copy) 
@@ -1564,11 +1564,15 @@ num--; zval_add_ref(&val); - zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, &val, sizeof(zval *), NULL); + if (zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, &val, sizeof(zval *), NULL) == FAILURE) { + zval_ptr_dtor(&val); + } while (num--) { zval_add_ref(&val); - zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL); + if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &val, sizeof(zval *), NULL) == FAILURE) { + zval_ptr_dtor(&val); + } } } /* }}} */

------------------------------------------------------------------------
[2012-02-11 19:51:41] ni...@php.net

Description:
------------
<?php
array_fill(PHP_INT_MAX, 2, '*');

Leaks:

[Sat Feb 11 20:47:35 2012] Script: 'reproduceCode4_memoryLeak.php'
/home/nikic/dev/php-src-git/Zend/zend_vm_execute.h(2371) : Freeing 0xB786F010 (20 bytes), script=reproduceCode4_memoryLeak.php
[Sat Feb 11 20:47:35 2012] Script: 'reproduceCode4_memoryLeak.php'
/home/nikic/dev/php-src-git/Zend/zend_vm_execute.h(2374) : Freeing 0xB7870558 (1 bytes), script=reproduceCode4_memoryLeak.php
/home/nikic/dev/php-src-git/Zend/zend_variables.c(121) : Actual location (location was relayed)
=== Total 2 memory leaks detected ===

Reason: zval_add_ref is called regardless of whether zend_hash_next_index_insert succeeds in http://lxr.php.net/opengrok/xref/PHP_TRUNK/ext/standard/array.c#1570.

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=61058&edit=1
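
Review bot: in the while (num--) loop of the ext/standard/array.c hunk, a FAILURE from zend_hash_next_index_insert is handled by releasing the reference and carrying on, so the loop keeps attempting the remaining inserts and array_fill returns an array shorter than requested with no indication to the caller. Suggest leaving the loop on the first FAILURE and reporting it (a warning or an error return). The add-then-undo pairing could also be avoided in both places by calling zval_add_ref(&val) only after the insert reports success.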
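
The leak mechanism named in the original report (a reference is taken before an insert that can fail), as an added toy model in C. It is not PHP source or the committed fix; `value`, `toy_array` and every function name are hypothetical, and the array is assumed to refuse appends once key LONG_MAX is used.

```c
#include <limits.h>
/* Toy stand-ins (assumptions, not Zend code): a refcounted value and an
 * array that tracks only its element count and next free integer key. */
typedef struct { int refcount; } value;
typedef struct { long next_free; int exhausted; int count; } toy_array;

/* Store at an explicit key; always succeeds, like an index update. */
static int insert_at(toy_array *a, long key) {
    a->count++;
    if (key == LONG_MAX) a->exhausted = 1;   /* no key left after this one */
    else a->next_free = key + 1;
    return 0;
}
/* Append at the next free key; fails once the key space is used up. */
static int insert_next(toy_array *a) {
    return a->exhausted ? -1 : insert_at(a, a->next_free);
}

/* Pattern from the report: take the reference first, ignore the result. */
static void fill_leaky(toy_array *a, value *v, long start, int num) {
    v->refcount++;
    insert_at(a, start);
    while (--num > 0) {
        v->refcount++;
        insert_next(a);                      /* on failure the ref is orphaned */
    }
}

/* Take the reference only after the array has stored the value. */
static int fill_checked(toy_array *a, value *v, long start, int num) {
    insert_at(a, start);
    v->refcount++;
    while (--num > 0) {
        if (insert_next(a) != 0) return -1;  /* stop; caller sees truncation */
        v->refcount++;
    }
    return 0;
}

/* References still held after the array is destroyed, beyond the caller's. */
static int leaked_after_destroy(int leaky, long start, int num) {
    value v = { 1 };                         /* caller's own reference */
    toy_array a = { 0, 0, 0 };
    if (leaky) fill_leaky(&a, &v, start, num);
    else (void)fill_checked(&a, &v, start, num);
    v.refcount -= a.count;                   /* destructor: one release per element */
    return v.refcount - 1;
}
int main(void) { return leaked_after_destroy(0, LONG_MAX, 2); }
```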