From 4656c22526e112a67399d0069ae490cdc610ec12 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:12:46 +0100 Subject: [PATCH] Fix GH-17145: DOM memory leak Because the use of RETURN instead of RETVAL, the freeing code could not be executed. This only is triggerable if the content of the attribute is mixed text and entities, so it wasn't noticed earlier. Closes GH-17147. --- NEWS | 3 +++ ext/dom/php_dom.c | 2 +- ext/dom/tests/gh17145.phpt | 22 ++++++++++++++++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 ext/dom/tests/gh17145.phpt diff --git a/NEWS b/NEWS index d99b213b96b..8cbe2da10b0 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,9 @@ PHP NEWS - DBA: . Skip test if inifile is disabled. (orlitzky) +- DOM: + . Fixed bug GH-17145 (DOM memory leak). (nielsdos) + - FFI: . Fixed bug #79075 (FFI header parser chokes on comments). (nielsdos) diff --git a/ext/dom/php_dom.c b/ext/dom/php_dom.c index c8372ef8e17..9c1dc5f61d3 100644 --- a/ext/dom/php_dom.c +++ b/ext/dom/php_dom.c @@ -2375,7 +2375,7 @@ void php_dom_get_content_into_zval(const xmlNode *nodep, zval *return_value, boo case XML_ATTRIBUTE_NODE: { bool free; xmlChar *value = php_libxml_attr_value((const xmlAttr *) nodep, &free); - RETURN_STRING_FAST((const char *) value); + RETVAL_STRING_FAST((const char *) value); if (free) { xmlFree(value); } diff --git a/ext/dom/tests/gh17145.phpt b/ext/dom/tests/gh17145.phpt new file mode 100644 index 00000000000..7a10e5e5bb6 --- /dev/null +++ b/ext/dom/tests/gh17145.phpt @@ -0,0 +1,22 @@ +--TEST-- +GH-17145 (DOM memory leak) +--EXTENSIONS-- +dom +--CREDITS-- +YuanchengJiang +--SKIPIF-- + +--FILE-- +appendChild($element); +$element->setAttributeNodeNS($attr); +$attr->appendChild($doc->createEntityReference('amp')); +echo $attr->value; +?> +--EXPECT-- +n&