From: Zeev Suraski <zeev@php.net>
Date: Mon, 10 May 1999 20:46:42 +0000 (+0000)
Subject: Weed out all BoundsChecker-found bugs (including a serious file descriptor leak
X-Git-Tag: BEFORE_PHP4_APACHE_MODULE_CHANGE~72
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=74a9ed7b3f0b9a11c197612a100c50f041747ad0;p=php

Weed out all BoundsChecker-found bugs (including a serious file descriptor leak
in the C++ scanner)
---

diff --git a/Zend/zend-scanner.h b/Zend/zend-scanner.h
index d97817c89d..bdc1ee9f06 100644
--- a/Zend/zend-scanner.h
+++ b/Zend/zend-scanner.h
@@ -21,6 +21,7 @@
 class ZendFlexLexer : public yyFlexLexer
 {
 public:
+	virtual ~ZendFlexLexer();
 	int lex_scan(zval *zendlval CLS_DC);
 	void BeginState(int state);
 };
diff --git a/Zend/zend-scanner.l b/Zend/zend-scanner.l
index 313dc03354..6eadc7374c 100644
--- a/Zend/zend-scanner.l
+++ b/Zend/zend-scanner.l
@@ -31,6 +31,7 @@
 
 #if WIN32|WINNT
 #include <winsock.h>
+#include <io.h>
 #endif
 
 #include <errno.h>
@@ -146,59 +147,78 @@ inline void restore_lexical_state(zend_lex_state *lex_state CLS_DC)
 	BEGIN(lex_state->state);
 	zend_restore_compiled_filename(lex_state->filename);
 #else
-	delete(CG(ZFL));
+	delete((ZendFlexLexer *) CG(ZFL));
 	CG(ZFL) = lex_state->ZFL;
 #endif
 }
 
 
 BEGIN_EXTERN_C()
+ZEND_API void zend_close_file_handle(zend_file_handle *file_handle)
+{
+	switch (file_handle->type) {
+		case ZEND_HANDLE_FILENAME:
+			break;
+		case ZEND_HANDLE_FD:
+			close(file_handle->handle.fd);
+			break;
+		case ZEND_HANDLE_FP:
+			fclose(file_handle->handle.fp);
+			break;
+#ifdef ZTS
+		case ZEND_HANDLE_ISTREAM:
+			delete file_handle->handle.is;
+			break;
+#endif
+	}
+}
+
 ZEND_API inline int open_file_for_scanning(zend_file_handle *file_handle CLS_DC)
 {
 #ifndef ZTS
-	FILE *tmp;
 	YY_BUFFER_STATE buffer_state = YY_CURRENT_BUFFER;
 
 	switch (file_handle->type) {
 		case ZEND_HANDLE_FILENAME:
-			tmp = zend_fopen(file_handle->filename);
+			file_handle->handle.fp = zend_fopen(file_handle->filename);
 			break;
 		case ZEND_HANDLE_FD:
-			tmp = fdopen(file_handle->handle.fd, "r");
+			file_handle->handle.fp = fdopen(file_handle->handle.fd, "r");
 			break;
 		case ZEND_HANDLE_FP:
-			tmp = file_handle->handle.fp;
+			file_handle->handle.fp = file_handle->handle.fp;
 			break;
 	}
-	if (!tmp) {
+	if (!file_handle->handle.fp) {
 		return FAILURE;
 	}
+	file_handle->type = ZEND_HANDLE_FP;
 	
 	/* Reset the scanner for scanning the new file */
-	yyin = tmp;
+	yyin = file_handle->handle.fp;
 	yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
 	BEGIN(INITIAL);
 #else
-	ifstream *input_file;
-
 	switch (file_handle->type) {
 		case ZEND_HANDLE_FD:
-			input_file = new ifstream(file_handle->handle.fd);
+			file_handle->handle.is = new ifstream(file_handle->handle.fd);
 			break;
 		case ZEND_HANDLE_FILENAME:
-			input_file = new ifstream(file_handle->filename);
+			file_handle->handle.is = new ifstream(file_handle->filename);
 			break;
 		case ZEND_HANDLE_FP:
 			if (file_handle->handle.fp==stdin) {
-				input_file = (ifstream *) &cin;
+				file_handle->handle.is = (ifstream *) &cin;
 			} else {
-				input_file = new ifstream(file_handle->filename);
+				fclose(file_handle->handle.fp);
+				file_handle->handle.is = new ifstream(file_handle->filename);
 			}	
 			break;
 	}
-	CG(ZFL) = new ZendFlexLexer;
+	file_handle->type = ZEND_HANDLE_ISTREAM;
 
-	CG(ZFL)->switch_streams(input_file, &cout);
+	CG(ZFL) = new ZendFlexLexer;
+	CG(ZFL)->switch_streams(file_handle->handle.is, &cout);
 #endif
 	zend_set_compiled_filename(file_handle->filename);
 	CG(zend_lineno) = 1;
@@ -249,9 +269,7 @@ ZEND_API zend_op_array *v_compile_files(int mark_as_ref CLS_DC, int file_count,
 				retval = NULL;
 				break;
 			} else {
-#ifndef ZTS
-				fclose(yyin);
-#endif
+				zend_close_file_handle(file_handle);
 				restore_lexical_state(&original_lex_state CLS_CC);
 				CG(active_op_array) = original_active_op_array;
 				retval = op_array;
@@ -375,9 +393,7 @@ int require_file(zend_file_handle *file_handle CLS_DC)
 		return FAILURE;
 	}
 	zendparse(CLS_C);
-#ifndef ZTS
-	fclose(yyin);
-#endif
+	zend_close_file_handle(file_handle);
 	restore_lexical_state(&original_lex_state CLS_CC);
 	return SUCCESS;
 }
@@ -397,9 +413,7 @@ int highlight_file(char *filename, zend_syntax_highlighter_ini *syntax_highlight
 		return FAILURE;
 	}
 	zend_highlight(syntax_highlighter_ini);
-#ifndef ZTS
-	fclose(yyin);
-#endif
+	zend_close_file_handle(&file_handle);
 	restore_lexical_state(&original_lex_state CLS_CC);
 	return SUCCESS;
 }
@@ -451,6 +465,14 @@ void ZendFlexLexer::BeginState(int state)
 }
 
 
+ZendFlexLexer::~ZendFlexLexer()
+{
+	if (yy_start_stack) {
+		yy_flex_free(yy_start_stack);
+	}
+}
+
+
 int yyFlexLexer::yylex()
 {
 	fprintf(stderr, "Error:  yyFlexLexer::yylex() called\n");
diff --git a/Zend/zend.c b/Zend/zend.c
index 70e65349ed..ef436f8940 100644
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -194,10 +194,14 @@ static void compiler_globals_ctor(zend_compiler_globals *compiler_globals)
 
 static void compiler_globals_dtor(zend_compiler_globals *compiler_globals)
 {
-	zend_hash_destroy(compiler_globals->function_table);
-	free(compiler_globals->function_table);
-	zend_hash_destroy(compiler_globals->class_table);
-	free(compiler_globals->class_table);
+	if (compiler_globals->function_table != global_function_table) {
+		zend_hash_destroy(compiler_globals->function_table);
+		free(compiler_globals->function_table);
+	}
+	if (compiler_globals->class_table != global_class_table) {
+		zend_hash_destroy(compiler_globals->class_table);
+		free(compiler_globals->class_table);
+	}
 }
 
 
@@ -271,8 +275,7 @@ int zend_startup(zend_utility_functions *utility_functions, char **extensions)
 	executor_globals_id = ts_allocate_id(sizeof(zend_executor_globals), (void (*)(void *)) executor_globals_ctor, (void (*)(void *)) executor_globals_dtor);
 	compiler_globals = ts_resource(compiler_globals_id);
 	executor_globals = ts_resource(executor_globals_id);
-	zend_hash_destroy(compiler_globals->function_table);
-	zend_hash_destroy(compiler_globals->class_table);
+	compiler_globals_dtor(compiler_globals);
 	compiler_globals->function_table = GLOBAL_FUNCTION_TABLE;
 	compiler_globals->class_table = GLOBAL_CLASS_TABLE;
 #endif
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index c4a431e8e8..21bcc40c0f 100644
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -459,6 +459,12 @@ ZEND_API int _mem_block_check(void *ptr, int silent, char *filename, int lineno)
 			fprintf(stderr,"Unknown\n");
 		}
 	}
+
+	if (had_problems) {
+		int foo = 5;
+
+		foo+=1;
+	}
 		
 	if (!silent) {
 		fprintf(stderr,"---------------------------------------\n");
diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h
index 9faeee03c7..8002c66ce1 100644
--- a/Zend/zend_compile.h
+++ b/Zend/zend_compile.h
@@ -340,6 +340,7 @@ ZEND_API zend_op_array *compile_filename(zval *filename CLS_DC);
 ZEND_API inline int open_file_for_scanning(zend_file_handle *file_handle CLS_DC);
 ZEND_API void init_op_array(zend_op_array *op_array, int initial_ops_size);
 ZEND_API void destroy_op_array(zend_op_array *op_array);
+ZEND_API void zend_close_file_handle(zend_file_handle *file_handle);
 END_EXTERN_C()
 
 ZEND_API void destroy_zend_function(zend_function *function);