php_variables.c

Dmitry Stogov Thu, 02 Feb 2012 02:27:26 -0800

dmitry                                   Thu, 02 Feb 2012 10:26:53 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=323013


Log:
Fixed memory leaks

Changed paths:
    U   php/php-src/branches/PHP_5_3/main/php_variables.c
    U   php/php-src/branches/PHP_5_4/main/php_variables.c
    U   php/php-src/trunk/main/php_variables.c

Modified: php/php-src/branches/PHP_5_3/main/php_variables.c
===================================================================
--- php/php-src/branches/PHP_5_3/main/php_variables.c	2012-02-02 09:15:34 UTC (rev 323012)
+++ php/php-src/branches/PHP_5_3/main/php_variables.c	2012-02-02 10:26:53 UTC (rev 323013)
@@ -182,7 +182,12 @@
 			if (!index) {
 				MAKE_STD_ZVAL(gpc_element);
 				array_init(gpc_element);
-				zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+				if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+					zval_ptr_dtor(&gpc_element);
+					zval_dtor(val);
+					efree(var_orig);
+					return;
+				}
 			} else {
 				if (PG(magic_quotes_gpc)) {
 					escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
@@ -199,6 +204,10 @@
 						array_init(gpc_element);
 						zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 					} else {
+						if (index != escaped_index) {
+							efree(escaped_index);
+						}
+						zval_dtor(val);
 						efree(var_orig);
 						return;
 					}
@@ -226,7 +235,9 @@
 		gpc_element->value = val->value;
 		Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
 		if (!index) {
-			zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+			if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+				zval_ptr_dtor(&gpc_element);
+			}
 		} else {
 			if (PG(magic_quotes_gpc)) {
 				escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);

Modified: php/php-src/branches/PHP_5_4/main/php_variables.c
===================================================================
--- php/php-src/branches/PHP_5_4/main/php_variables.c	2012-02-02 09:15:34 UTC (rev 323012)
+++ php/php-src/branches/PHP_5_4/main/php_variables.c	2012-02-02 10:26:53 UTC (rev 323013)
@@ -57,7 +57,7 @@
 {
 	char *p = NULL;
 	char *ip;		/* index pointer */
-	char *index, *escaped_index = NULL;
+	char *index;
 	char *var, *var_orig;
 	int var_len, index_len;
 	zval *gpc_element, **gpc_element_p;
@@ -174,10 +174,14 @@
 			if (!index) {
 				MAKE_STD_ZVAL(gpc_element);
 				array_init(gpc_element);
-				zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+				if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+					zval_ptr_dtor(&gpc_element);
+					zval_dtor(val);
+					free_alloca(var_orig, use_heap);
+					return;
+				}
 			} else {
-				escaped_index = index;
-				if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
+				if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE
 					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
 					if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
 						if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
@@ -185,15 +189,13 @@
 						}
 						MAKE_STD_ZVAL(gpc_element);
 						array_init(gpc_element);
-						zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+						zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 					} else {
+						zval_dtor(val);
 						free_alloca(var_orig, use_heap);
 						return;
 					}
 				}
-				if (index != escaped_index) {
-					efree(escaped_index);
-				}
 			}
 			symtable1 = Z_ARRVAL_PP(gpc_element_p);
 			/* ip pointed to the '[' character, now obtain the key */
@@ -214,9 +216,10 @@
 		gpc_element->value = val->value;
 		Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
 		if (!index) {
-			zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+			if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+				zval_ptr_dtor(&gpc_element);
+			}
 		} else {
-			escaped_index = index;
 			/*
 			 * According to rfc2965, more specific paths are listed above the less specific ones.
 			 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
@@ -225,21 +228,18 @@
 			 */
 			if (PG(http_globals)[TRACK_VARS_COOKIE] &&
 				symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) &&
-				zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
+				zend_symtable_exists(symtable1, index, index_len + 1)) {
 				zval_ptr_dtor(&gpc_element);
 			} else {
 				if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
 					if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
 						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
 					}
-					zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 				} else {
 					zval_ptr_dtor(&gpc_element);
 				}
 			}
-			if (escaped_index != index) {
-				efree(escaped_index);
-			}
 		}
 	}
 	free_alloca(var_orig, use_heap);

Modified: php/php-src/trunk/main/php_variables.c
===================================================================
--- php/php-src/trunk/main/php_variables.c	2012-02-02 09:15:34 UTC (rev 323012)
+++ php/php-src/trunk/main/php_variables.c	2012-02-02 10:26:53 UTC (rev 323013)
@@ -57,7 +57,7 @@
 {
 	char *p = NULL;
 	char *ip;		/* index pointer */
-	char *index, *escaped_index = NULL;
+	char *index;
 	char *var, *var_orig;
 	int var_len, index_len;
 	zval *gpc_element, **gpc_element_p;
@@ -174,10 +174,14 @@
 			if (!index) {
 				MAKE_STD_ZVAL(gpc_element);
 				array_init(gpc_element);
-				zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+				if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+					zval_ptr_dtor(&gpc_element);
+					zval_dtor(val);
+					free_alloca(var_orig, use_heap);
+					return;
+				}
 			} else {
-				escaped_index = index;
-				if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
+				if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE
 					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
 					if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
 						if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
@@ -185,15 +189,13 @@
 						}
 						MAKE_STD_ZVAL(gpc_element);
 						array_init(gpc_element);
-						zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+						zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 					} else {
+						zval_dtor(val);
 						free_alloca(var_orig, use_heap);
 						return;
 					}
 				}
-				if (index != escaped_index) {
-					efree(escaped_index);
-				}
 			}
 			symtable1 = Z_ARRVAL_PP(gpc_element_p);
 			/* ip pointed to the '[' character, now obtain the key */
@@ -214,9 +216,10 @@
 		gpc_element->value = val->value;
 		Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
 		if (!index) {
-			zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+			if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+				zval_ptr_dtor(&gpc_element);
+			}
 		} else {
-			escaped_index = index;
 			/*
 			 * According to rfc2965, more specific paths are listed above the less specific ones.
 			 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
@@ -225,21 +228,18 @@
 			 */
 			if (PG(http_globals)[TRACK_VARS_COOKIE] &&
 				symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) &&
-				zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
+				zend_symtable_exists(symtable1, index, index_len + 1)) {
 				zval_ptr_dtor(&gpc_element);
 			} else {
 				if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
 					if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
 						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
 					}
-					zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 				} else {
 					zval_ptr_dtor(&gpc_element);
 				}
 			}
-			if (escaped_index != index) {
-				efree(escaped_index);
-			}
 		}
 	}
 	free_alloca(var_orig, use_heap);

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/php_variables.c branches/PHP_5_4/main/php_variables.c trunk/main/php_variables.c

Reply via email to