Fix memory leak on socket_sendmsg() / socket_recvmsg() error
authorNikita Popov <nikita.ppv@gmail.com>
Wed, 5 Aug 2020 08:55:41 +0000 (10:55 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Wed, 5 Aug 2020 14:41:40 +0000 (16:41 +0200)
ext/sockets/sendrecvmsg.c
ext/sockets/tests/socket_sendrecvmsg_error.phpt [new file with mode: 0644]

index 4cf9fcdb658f180efc3e2523057e2ca4bb961bb7..7d1265c3e728073a96aded7fea938e82a7fef25c 100644 (file)
@@ -197,14 +197,13 @@ PHP_FUNCTION(socket_sendmsg)
        res = sendmsg(php_sock->bsd_socket, msghdr, (int)flags);
 
        if (res != -1) {
-               zend_llist_destroy(allocations);
-               efree(allocations);
-
-               RETURN_LONG((zend_long)res);
+               RETVAL_LONG((zend_long)res);
        } else {
                PHP_SOCKET_ERROR(php_sock, "error in sendmsg", errno);
-               RETURN_FALSE;
+               RETVAL_FALSE;
        }
+
+       allocations_dispose(&allocations);
 }
 
 PHP_FUNCTION(socket_recvmsg)
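Review bot: Nothing at the new `RETVAL_LONG`/`RETVAL_FALSE` lines here (or at the matching pair in the socket_recvmsg hunk further down) says why they must not be `RETURN_*`, so the leak this commit fixes comes back as soon as someone turns one of them into an early return again. A one-line comment above the `if (res != -1)` would pin the intent, for example `/* set RETVAL_* and fall through: allocations must be disposed on every path */`. The function body starts outside the hunk, so any earlier `RETURN_*` that runs after `allocations` has been populated should be checked for the same leak.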
@@ -254,7 +253,6 @@ PHP_FUNCTION(socket_recvmsg)
 
                /* we don;t need msghdr anymore; free it */
                msghdr = NULL;
-               allocations_dispose(&allocations);
 
                zval_ptr_dtor(zmsg);
                if (!err.has_error) {
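Review bot: The context comment `/* we don;t need msghdr anymore; free it */` is stale after this change, because with `allocations_dispose(&allocations)` removed from this spot only `msghdr = NULL;` remains and nothing is freed here. Assuming msghdr's storage is tracked by `allocations` (the old ordering suggests so), it now stays allocated until the dispose at the end of the function. Rewording it to `/* msghdr is not used past this point; its memory is released by allocations_dispose() at function exit */` keeps a reader from looking for a free that no longer happens. The enclosing block starts and ends outside the hunk.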
@@ -265,14 +263,15 @@ PHP_FUNCTION(socket_recvmsg)
                        /* no need to destroy/free zres -- it's NULL in this circumstance */
                        assert(zres == NULL);
                }
+               RETVAL_LONG((zend_long)res);
        } else {
                SOCKETS_G(last_error) = errno;
                php_error_docref(NULL, E_WARNING, "error in recvmsg [%d]: %s",
                                errno, sockets_strerror(errno));
-               RETURN_FALSE;
+               RETVAL_FALSE;
        }
 
-       RETURN_LONG((zend_long)res);
+       allocations_dispose(&allocations);
 }
 
 PHP_FUNCTION(socket_cmsg_space)
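Review bot: `RETVAL_LONG((zend_long)res)` sits after the inner `if (!err.has_error)`/else, so the byte count is the return value on the conversion-error branch as well. That matches the old trailing `RETURN_LONG`, but in its new position it is easy to misread as success-only. A short comment such as `/* res is returned even when converting the received msghdr failed */` would mark it as deliberate. The start of that inner `if` is in the previous hunk and the lines between the two hunks are not shown, so what the error branch leaves in the caller's message argument should be confirmed against the full function.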
diff --git a/ext/sockets/tests/socket_sendrecvmsg_error.phpt b/ext/sockets/tests/socket_sendrecvmsg_error.phpt
new file mode 100644 (file)
index 0000000..8cd353c
--- /dev/null
@@ -0,0 +1,15 @@
+--TEST--
+Error during socket_sendmsg() or socket_recvmsg()
+--FILE--
+<?php
+
+$socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
+socket_sendmsg($socket, [], -1);
+$message = ['controllen' => 1];
+socket_recvmsg($socket, $message, -1);
+
+?>
+--EXPECTF--
+Warning: socket_sendmsg(): error in sendmsg [%d]: %a in %s on line %d
+
+Warning: socket_recvmsg(): error in recvmsg [%d]: %a in %s on line %d
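Review bot: The test has no `--SKIPIF--` section, so on a build without the sockets extension it fails on an undefined `socket_create()` instead of being skipped; adding `--SKIPIF--` with `<?php if (!extension_loaded('sockets')) die('skip sockets extension not available'); ?>` before `--FILE--` avoids that. It also matches only the two warnings, so the `false` return set by the new `RETVAL_FALSE` lines is not pinned; `var_dump(socket_sendmsg($socket, [], -1));` (and likewise for `socket_recvmsg`) with `bool(false)` added to `--EXPECTF--` would cover it. The leak itself is presumably only detected when the suite runs on a debug build or under a memory checker, which is worth noting in the `--TEST--` description.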