Fix #78762: Failing FFI::cast() may leak memory
authorChristoph M. Becker <cmbecker69@gmx.de>
Wed, 30 Oct 2019 16:16:56 +0000 (17:16 +0100)
committerChristoph M. Becker <cmbecker69@gmx.de>
Wed, 30 Oct 2019 16:21:58 +0000 (17:21 +0100)
We have to release objects when we're done with them.

NEWS
ext/ffi/ffi.c
ext/ffi/tests/bug78762.phpt [new file with mode: 0644]

diff --git a/NEWS b/NEWS
index 889c45f01a5162be8f63d609dee245e67b58c438..17dd4756c12b4c62832b0d12b7f05c7d950b7d99 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,7 @@ PHP                                                                        NEWS
 - FFI:
   . Fixed bug #78716 (Function name mangling is wrong for some parameter 
     types). (cmb)
+  . Fixed bug #78762 (Failing FFI::cast() may leak memory). (cmb)
   . Implement FR #78270 (Support __vectorcall convention with FFI). (cmb)
 
 - FPM:
index d231c8a930ab39c5a5fbc9707817ef053fe98b56..08117cba83697b020330663b9dd593ad569f2c20 100644 (file)
@@ -3882,6 +3882,7 @@ ZEND_METHOD(FFI, cast) /* {{{ */
                cdata->ptr = &cdata->ptr_holder;
                cdata->ptr_holder = old_cdata->ptr;
        } else if (type->size > old_type->size) {
+               zend_object_release(&cdata->std);
                zend_throw_error(zend_ffi_exception_ce, "attempt to cast to larger type");
                return;
        } else if (ptr != &old_cdata->ptr_holder) {
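Review bot: The added `zend_object_release(&cdata->std);` covers only the `type->size > old_type->size` exit. `ZEND_METHOD(FFI, cast)` starts and ends outside the hunk, so any other throw-and-return between the allocation of `cdata` and the final return should be checked for the same leak. A one-line comment above the release, such as `/* cdata is not handed to the caller on this path, so drop our reference */`, would make the ownership rule explicit. The size comparison is what stops a cast from producing a view larger than the source object, so the release and the throw should stay together in this branch if it is refactored. Nothing in the visible lines reads `cdata` after the release.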
diff --git a/ext/ffi/tests/bug78762.phpt b/ext/ffi/tests/bug78762.phpt
new file mode 100644 (file)
index 0000000..5e078bf
--- /dev/null
@@ -0,0 +1,14 @@
+--TEST--
+Bug #78762 (Failing FFI::cast() may leak memory)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+try {
+    FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type
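Review bot: The test asserts only the exception message, so it would presumably still pass without the fix on a build that does not report leaks. The regression is likely caught only where the runner sees leak output, such as a debug build or a memory-checker run. A `--DESCRIPTION--` section saying so, e.g. `The leak is only detectable on debug builds or under a memory checker`, would tell the next reader why the test body looks trivial.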