From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Wed, 30 Oct 2019 16:16:56 +0000 (+0100)
Subject: Fix #78762: Failing FFI::cast() may leak memory
X-Git-Tag: php-7.4.7RC1~541
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1e2d3d58a8b392385d926bdca11ba0a0bc2547b4;p=php

Fix #78762: Failing FFI::cast() may leak memory

We have to release objects when we're done with them.
---

diff --git a/NEWS b/NEWS
index 889c45f01a..17dd4756c1 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,7 @@ PHP                                                                        NEWS
 - FFI:
   . Fixed bug #78716 (Function name mangling is wrong for some parameter 
     types). (cmb)
+  . Fixed bug #78762 (Failing FFI::cast() may leak memory). (cmb)
   . Implement FR #78270 (Support __vectorcall convention with FFI). (cmb)
 
 - FPM:
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
index d231c8a930..08117cba83 100644
--- a/ext/ffi/ffi.c
+++ b/ext/ffi/ffi.c
@@ -3882,6 +3882,7 @@ ZEND_METHOD(FFI, cast) /* {{{ */
 		cdata->ptr = &cdata->ptr_holder;
 		cdata->ptr_holder = old_cdata->ptr;
 	} else if (type->size > old_type->size) {
+		zend_object_release(&cdata->std);
 		zend_throw_error(zend_ffi_exception_ce, "attempt to cast to larger type");
 		return;
 	} else if (ptr != &old_cdata->ptr_holder) {
diff --git a/ext/ffi/tests/bug78762.phpt b/ext/ffi/tests/bug78762.phpt
new file mode 100644
index 0000000000..5e078bf7c9
--- /dev/null
+++ b/ext/ffi/tests/bug78762.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #78762 (Failing FFI::cast() may leak memory)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+try {
+    FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type