mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00

ext/pcntl: Fix memory leak in cleanup code of pcntl_exec()

Gina Peter Banyard
2024-12-15 22:11:37 +00:00
parent ee0daa59db
commit 2df9f32732
3 changed files with 34 additions and 4 deletions

4
NEWS

@@ -23,6 +23,10 @@ PHP NEWS
- Opcache:
. opcache_get_configuration() properly reports jit_prof_threshold. (cmb)
- PCNTL:
. Fix memory leak in cleanup code of pcntl_exec() when a non stringable
value is encountered past the first entry. (Girgias)
- PgSql:
. Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError
Message when Called With 1 Argument). (nielsdos)


@@ -540,7 +540,9 @@ PHP_FUNCTION(pcntl_exec)
envs_hash = Z_ARRVAL_P(envs);
envc = zend_hash_num_elements(envs_hash);
pair = envp = safe_emalloc((envc + 1), sizeof(char *), 0);
size_t envp_len = (envc + 1);
pair = envp = safe_emalloc(envp_len, sizeof(char *), 0);
memset(envp, 0, sizeof(char *) * envp_len);
ZEND_HASH_FOREACH_KEY_VAL(envs_hash, key_num, key, element) {
if (envi >= envc) break;
if (!key) {
@@ -551,9 +553,7 @@ PHP_FUNCTION(pcntl_exec)
if (!try_convert_to_string(element)) {
zend_string_release(key);
efree(argv);
efree(envp);
RETURN_THROWS();
goto cleanup_env_vars;
}
/* Length of element + equal sign + length of key + null */
@@ -576,6 +576,7 @@ PHP_FUNCTION(pcntl_exec)
php_error_docref(NULL, E_WARNING, "Error has occurred: (errno %d) %s", errno, strerror(errno));
}
cleanup_env_vars:
/* Cleanup */
for (pair = envp; *pair != NULL; pair++) efree(*pair);
efree(envp);
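Review bot: The new `goto cleanup_env_vars` path is only safe because `envp` is zero-filled up front, and nothing in the code says so; without the fill, the `*pair != NULL` loop at the label would walk uninitialised slots whenever conversion fails partway through the array. I would put a comment on the `memset` line, such as `/* zero-fill so cleanup_env_vars stops at the first unfilled slot */`, or fold allocation and zeroing into `pair = envp = ecalloc(envp_len, sizeof(char *));`. Going by the hunk's line counts, the failing branch also drops its own `efree(argv)` and `RETURN_THROWS()`, so it now relies on whatever follows the label to free `argv` exactly once and to return with the exception still pending; that code is outside the hunk and worth confirming. PHP_FUNCTION(pcntl_exec) starts and ends outside these hunks.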


@@ -0,0 +1,25 @@
--TEST--
pcntl_exec(): Test cleanup after non-stringable array value has been encountered for $args and $env_vars.
--EXTENSIONS--
pcntl
--FILE--
<?php
try {
pcntl_exec('cmd', ['-n', new stdClass()]);
} catch (Throwable $e) {
echo $e::class, ': ', $e->getMessage(), "\n";
}
try {
pcntl_exec(
'cmd',
['-n'],
['var1' => 'value1', 'var2' => new stdClass()],
);
} catch (Throwable $e) {
echo $e::class, ': ', $e->getMessage(), "\n";
}
?>
--EXPECT--
Error: Object of class stdClass could not be converted to string
Error: Object of class stdClass could not be converted to string
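Review bot: Both failing cases use string keys for `$env_vars`, so the `if (!key)` branch visible in the pcntl_exec() hunk, which presumably handles integer-indexed entries, is never followed by a failing conversion in this test. A third case with a list-style array, for example `['value1', new stdClass()]`, would also exercise the `zend_string_release(key)` on that path. The expected output checks only the exception message, so the leak itself is presumably detected only when the suite runs on a debug or sanitizer build; a short remark to that effect in the `--TEST--` description would make the intent clear.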