From: Dmitry Stogov Date: Thu, 2 Feb 2012 10:26:53 +0000 (+0000) Subject: Fixed memory leaks X-Git-Tag: php-5.5.0alpha1~567 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=29a909edcc9599797bb8f12adaf8c51d9067a8b2;p=php Fixed memory leaks --- diff --git a/main/php_variables.c b/main/php_variables.c index 995497c42d..f544b7a60e 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -57,7 +57,7 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars { char *p = NULL; char *ip; /* index pointer */ - char *index, *escaped_index = NULL; + char *index; char *var, *var_orig; int var_len, index_len; zval *gpc_element, **gpc_element_p; @@ -174,10 +174,14 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars if (!index) { MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + zval_dtor(val); + free_alloca(var_orig, use_heap); + return; + } } else { - escaped_index = index; - if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE + if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { @@ -185,15 +189,13 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars } MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { + zval_dtor(val); free_alloca(var_orig, use_heap); return; } } - if (index != escaped_index) { - efree(escaped_index); - } } symtable1 = Z_ARRVAL_PP(gpc_element_p); /* ip pointed to the '[' character, now obtain the key */ @@ -214,9 +216,10 @@ plain_var: gpc_element->value = val->value; Z_TYPE_P(gpc_element) = Z_TYPE_P(val); if (!index) { - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + } } else { - escaped_index = index; /* * According to rfc2965, more specific paths are listed above the less specific ones. * If we encounter a duplicate cookie name, we should skip it, since it is not possible @@ -225,21 +228,18 @@ plain_var: */ if (PG(http_globals)[TRACK_VARS_COOKIE] && symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) && - zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { + zend_symtable_exists(symtable1, index, index_len + 1)) { zval_ptr_dtor(&gpc_element); } else { if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); } - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { zval_ptr_dtor(&gpc_element); } } - if (escaped_index != index) { - efree(escaped_index); - } } } free_alloca(var_orig, use_heap);