dmitry Thu, 02 Feb 2012 10:26:53 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=323013
Log: Fixed memory leaks Changed paths: U php/php-src/branches/PHP_5_3/main/php_variables.c U php/php-src/branches/PHP_5_4/main/php_variables.c U php/php-src/trunk/main/php_variables.c
Modified: php/php-src/branches/PHP_5_3/main/php_variables.c =================================================================== --- php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-02 09:15:34 UTC (rev 323012) +++ php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-02 10:26:53 UTC (rev 323013) @@ -182,7 +182,12 @@ if (!index) { MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + zval_dtor(val); + efree(var_orig); + return; + } } else { if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); @@ -199,6 +204,10 @@ array_init(gpc_element); zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { + if (index != escaped_index) { + efree(escaped_index); + } + zval_dtor(val); efree(var_orig); return; } @@ -226,7 +235,9 @@ gpc_element->value = val->value; Z_TYPE_P(gpc_element) = Z_TYPE_P(val); if (!index) { - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + } } else { if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); Modified: php/php-src/branches/PHP_5_4/main/php_variables.c =================================================================== --- php/php-src/branches/PHP_5_4/main/php_variables.c 2012-02-02 09:15:34 UTC (rev 323012) +++ php/php-src/branches/PHP_5_4/main/php_variables.c 2012-02-02 10:26:53 UTC (rev 323013) @@ -57,7 +57,7 @@ { char *p = NULL; char *ip; /* index pointer */ - char *index, *escaped_index = NULL; + char *index; char *var, *var_orig; int var_len, index_len; zval *gpc_element, **gpc_element_p; @@ -174,10 +174,14 @@ if (!index) { MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + zval_dtor(val); + free_alloca(var_orig, use_heap); + return; + } } else { - escaped_index = index; - if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE + if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { @@ -185,15 +189,13 @@ } MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { + zval_dtor(val); free_alloca(var_orig, use_heap); return; } } - if (index != escaped_index) { - efree(escaped_index); - } } symtable1 = Z_ARRVAL_PP(gpc_element_p); /* ip pointed to the '[' character, now obtain the key */ @@ -214,9 +216,10 @@ gpc_element->value = val->value; Z_TYPE_P(gpc_element) = Z_TYPE_P(val); if (!index) { - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + } } else { - escaped_index = index; /* * According to rfc2965, more specific paths are listed above the less specific ones. * If we encounter a duplicate cookie name, we should skip it, since it is not possible @@ -225,21 +228,18 @@ */ if (PG(http_globals)[TRACK_VARS_COOKIE] && symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) && - zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { + zend_symtable_exists(symtable1, index, index_len + 1)) { zval_ptr_dtor(&gpc_element); } else { if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); } - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { zval_ptr_dtor(&gpc_element); } } - if (escaped_index != index) { - efree(escaped_index); - } } } free_alloca(var_orig, use_heap); Modified: php/php-src/trunk/main/php_variables.c =================================================================== --- php/php-src/trunk/main/php_variables.c 2012-02-02 09:15:34 UTC (rev 323012) +++ php/php-src/trunk/main/php_variables.c 2012-02-02 10:26:53 UTC (rev 323013) @@ -57,7 +57,7 @@ { char *p = NULL; char *ip; /* index pointer */ - char *index, *escaped_index = NULL; + char *index; char *var, *var_orig; int var_len, index_len; zval *gpc_element, **gpc_element_p; @@ -174,10 +174,14 @@ if (!index) { MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + zval_dtor(val); + free_alloca(var_orig, use_heap); + return; + } } else { - escaped_index = index; - if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE + if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { @@ -185,15 +189,13 @@ } MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { + zval_dtor(val); free_alloca(var_orig, use_heap); return; } } - if (index != escaped_index) { - efree(escaped_index); - } } symtable1 = Z_ARRVAL_PP(gpc_element_p); /* ip pointed to the '[' character, now obtain the key */ @@ -214,9 +216,10 @@ gpc_element->value = val->value; Z_TYPE_P(gpc_element) = Z_TYPE_P(val); if (!index) { - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + } } else { - escaped_index = index; /* * According to rfc2965, more specific paths are listed above the less specific ones. * If we encounter a duplicate cookie name, we should skip it, since it is not possible @@ -225,21 +228,18 @@ */ if (PG(http_globals)[TRACK_VARS_COOKIE] && symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) && - zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { + zend_symtable_exists(symtable1, index, index_len + 1)) { zval_ptr_dtor(&gpc_element); } else { if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); } - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { zval_ptr_dtor(&gpc_element); } } - if (escaped_index != index) { - efree(escaped_index); - } } } free_alloca(var_orig, use_heap);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php