Fixed Bug #61961 (file_get_content leaks when access empty file with max length)

author Reeze Xia <reeze.xia@gmail.com>

Sun, 6 May 2012 10:27:26 +0000 (18:27 +0800)

committer Reeze Xia <reeze.xia@gmail.com>

Sun, 6 May 2012 10:27:26 +0000 (18:27 +0800)
author Reeze Xia <reeze.xia@gmail.com>
Sun, 6 May 2012 10:27:26 +0000 (18:27 +0800)
committer Reeze Xia <reeze.xia@gmail.com>
Sun, 6 May 2012 10:27:26 +0000 (18:27 +0800)
diff --git a/ext/standard/tests/file/bug61961.phpt b/ext/standard/tests/file/bug61961.phpt

new file mode 100644 (file)

index 0000000..ff0279a
--- /dev/null
+++ b/ext/standard/tests/file/bug61961.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #61961 (file_get_content leaks when access empty file with max length)
+--FILE--
+<?php
+$tmp_empty_file = __FILE__ . ".tmp";
+file_put_contents($tmp_empty_file, "");
+
+var_dump(file_get_contents($tmp_empty_file, NULL, NULL, NULL, 10));
+unlink($tmp_empty_file);
+?>
+==DONE==
+--EXPECT--
+string(0) ""
+==DONE==
+\ No newline at end of file
diff --git a/main/streams/streams.c b/main/streams/streams.c

index 116c0aa045eb8bb7c3573558b2bf811b99320394..fe7800b9feb68a1945bd5f8070d6956e2b8edc40 100755 (executable)
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -1366,7 +1366,12 @@ PHPAPI size_t _php_stream_copy_to_mem(php_stream *src, char **buf, size_t maxlen
                         len += ret;
                         ptr += ret;
                 }
-               *ptr = '\0';
+               if (len) {
+                       *ptr = '\0';
+               } else {
+                       pefree(*buf, persistent);
+                       *buf = NULL;
+               }
                 return len;
         }
author	Reeze Xia <reeze.xia@gmail.com>
	Sun, 6 May 2012 10:27:26 +0000 (18:27 +0800)
committer	Reeze Xia <reeze.xia@gmail.com>
	Sun, 6 May 2012 10:27:26 +0000 (18:27 +0800)
ext/standard/tests/file/bug61961.phpt	[new file with mode: 0644]	patch \| blob
main/streams/streams.c		patch \| blob \| history