- MFH: Fix #43450 (Memory leak on some functions with implicit object

author Johannes Schlüter <johannes@php.net>

Fri, 21 Dec 2007 20:58:11 +0000 (20:58 +0000)

committer Johannes Schlüter <johannes@php.net>

Fri, 21 Dec 2007 20:58:11 +0000 (20:58 +0000)
author Johannes Schlüter <johannes@php.net>
Fri, 21 Dec 2007 20:58:11 +0000 (20:58 +0000)
committer Johannes Schlüter <johannes@php.net>
Fri, 21 Dec 2007 20:58:11 +0000 (20:58 +0000)
diff --git a/NEWS b/NEWS

index 5246b7f1d5029eaf5e4cb4f9fe2abdeb26a1c6a8..beef61b52c4ddebbff0a7f785863842ada817a74 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,8 @@ PHP                                                                        NEWS
    (Ilia)
  - Fixed bug #43457 (Prepared statement with incorrect parms doesn't throw 
    exception with pdo_pgsql driver). (Ilia)
+- Fixed bug #43450 (Memory leak on some functions with implicit object 
+  __toString() call). (Davic C.)
  - Fixed bug #43386 (array_globals not reset to 0 properly on init). (Ilia)
  - Fixed bug #43377 (PHP crashes with invalid argument for DateTimeZone). (Ilia)
  - Fixed bug #43373 (pcntl_fork() should not raise E_ERROR on error). (Ilia)
diff --git a/Zend/tests/bug43450.phpt b/Zend/tests/bug43450.phpt

new file mode 100644 (file)

index 0000000..926e146
--- /dev/null
+++ b/Zend/tests/bug43450.phpt
@@ -0,0 +1,35 @@
+--TEST--
+Bug #43450 (Memory leak on some functions with implicit object __toString() call)
+--SKIPIF--
+<?php if (!function_exists('memory_get_usage')) die('memory_get_usage() not installed'); ?>
+--FILE--
+<?php
+error_reporting(E_ALL|E_STRICT);
+
+class Foo 
+{
+    public function __toString()
+       {
+           return __CLASS__;
+       }
+}
+
+$num_repeats = 100000;
+
+$start = (memory_get_usage() / 1024) + 16;
+for ($i=1;$i<$num_repeats;$i++) 
+{
+       $foo = new Foo();
+       md5($foo);
+}
+$end = memory_get_peak_usage() / 1024;
+
+if ($start < $end) {
+       echo 'FAIL';
+} else {
+       echo 'PASS';
+}
+
+?>
+--EXPECT--
+PASS
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c

index ea96ccad38d962de70f025a380d54716d15df796..85f4f9b4e691e50cb96d6ca8ce219909b87e2058 100644 (file)
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -1105,6 +1105,9 @@ ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int ty
                  }
                                 if (Z_TYPE_P(retval) == IS_STRING) {
                                         INIT_PZVAL(writeobj);
+                                       if (readobj == writeobj) {
+                                               zval_dtor(readobj);
+                                       }
                                         ZVAL_ZVAL(writeobj, retval, 1, 1);
                                         if (Z_TYPE_P(writeobj) != type) {
                                                 convert_to_explicit_type(writeobj, type);
@@ -1113,6 +1116,9 @@ ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int ty
                                 } else {
                                         zval_ptr_dtor(&retval);
                                         INIT_PZVAL(writeobj);
+                                       if (readobj == writeobj) {
+                                               zval_dtor(readobj);
+                                       }
                                         ZVAL_EMPTY_STRING(writeobj);
                                         zend_error(E_RECOVERABLE_ERROR, "Method %s::__toString() must return a string value", ce->name);
                                         return SUCCESS;
@@ -1127,15 +1133,23 @@ ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int ty
                         ce = Z_OBJCE_P(readobj);
                         zend_error(E_NOTICE, "Object of class %s could not be converted to int", ce->name);
                         INIT_PZVAL(writeobj);
+                       if (readobj == writeobj) {
+                               zval_dtor(readobj);
+                       }
                         ZVAL_LONG(writeobj, 1);
                         return SUCCESS;
                 case IS_DOUBLE:
                         ce = Z_OBJCE_P(readobj);
                         zend_error(E_NOTICE, "Object of class %s could not be converted to double", ce->name);
                         INIT_PZVAL(writeobj);
+                       if (readobj == writeobj) {
+                               zval_dtor(readobj);
+                       }
                         ZVAL_DOUBLE(writeobj, 1);
                         return SUCCESS;
                 default:
+                       INIT_PZVAL(writeobj);
+                       Z_TYPE_P(writeobj) = IS_NULL;
                         break;
         }
         return FAILURE;
author	Johannes Schlüter <johannes@php.net>
	Fri, 21 Dec 2007 20:58:11 +0000 (20:58 +0000)
committer	Johannes Schlüter <johannes@php.net>
	Fri, 21 Dec 2007 20:58:11 +0000 (20:58 +0000)
NEWS		patch \| blob \| history
Zend/tests/bug43450.phpt	[new file with mode: 0644]	patch \| blob
Zend/zend_object_handlers.c		patch \| blob \| history