Fix bug #61264: xmlrpc_parse_method_descriptions leaks temporary variable

diff --git a/NEWS b/NEWS
index 0a2cec1295136e1ab8b84e993b7374bba6349e03..a379c918cf17fcd6619a32fbdb70facc55658281 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -73,6 +73,7 @@ PHP                                                                        NEWS
 
 - XMLRPC:
   . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic)
+  . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov)
 
 - Zlib:
   . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic)

diff --git a/ext/xmlrpc/tests/bug61264.phpt b/ext/xmlrpc/tests/bug61264.phpt
new file mode 100644 (file)
index 0000000..b1da27f
--- /dev/null
+++ b/ext/xmlrpc/tests/bug61264.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #61264: xmlrpc_parse_method_descriptions leaks temporary variable
+--FILE--
+<?php
+$xml = <<<XML
+<?xml version="1.0" encoding="utf-8"?>
+<a>
+ <b>foo</b>
+</a>
+XML;
+var_dump(xmlrpc_parse_method_descriptions($xml));
+?>
+--EXPECT--
+array(1) {
+  ["b"]=>
+  string(3) "foo"
+}

diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
index 13886c75373949304d8c7dc2c0fe9ef23db231c2..cf5e257113c3bf3fd1cf37020adc811c370f3991 100644 (file)
--- a/ext/xmlrpc/xmlrpc-epi-php.c
+++ b/ext/xmlrpc/xmlrpc-epi-php.c
@@ -1240,8 +1240,7 @@ PHP_FUNCTION(xmlrpc_parse_method_descriptions)
                        retval = XMLRPC_to_PHP(xVal);
 
                        if (retval) {
-                               *return_value = *retval;
-                               zval_copy_ctor(return_value);
+                               RETVAL_ZVAL(retval, 1, 1);
                        }
                        /* dust, sweep, and mop */
                        XMLRPC_CleanupValue(xVal);