From: Zeev Suraski Date: Thu, 13 Apr 2000 15:56:02 +0000 (+0000) Subject: Fix a memory leak when using assign-op bitwise operators on strings X-Git-Tag: php-4.0RC2~397 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c6c261e922131b1249757fa5c142d2659b743996;p=php Fix a memory leak when using assign-op bitwise operators on strings --- diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 60ce076a38..5b05a2d09c 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -727,7 +727,8 @@ ZEND_API int bitwise_or_function(zval *result, zval *op1, zval *op2) if (op1->type == IS_STRING && op2->type == IS_STRING) { zval *longer, *shorter; - int i; + char *result_str; + int i, result_len; if (op1->value.str.len >= op2->value.str.len) { longer = op1; @@ -738,11 +739,16 @@ ZEND_API int bitwise_or_function(zval *result, zval *op1, zval *op2) } result->type = IS_STRING; - result->value.str.len = longer->value.str.len; - result->value.str.val = estrndup(longer->value.str.val, longer->value.str.len); + result_len = longer->value.str.len; + result_str = estrndup(longer->value.str.val, longer->value.str.len); for (i = 0; i < shorter->value.str.len; i++) { - result->value.str.val[i] |= shorter->value.str.val[i]; + result_str[i] |= shorter->value.str.val[i]; + } + if (result==op1) { + efree(result->value.str.val); } + result->value.str.val = result_str; + result->value.str.len = result_len; return SUCCESS; } zendi_convert_to_long(op1, op1_copy, result); @@ -760,7 +766,8 @@ ZEND_API int bitwise_and_function(zval *result, zval *op1, zval *op2) if (op1->type == IS_STRING && op2->type == IS_STRING) { zval *longer, *shorter; - int i; + char *result_str; + int i, result_len; if (op1->value.str.len >= op2->value.str.len) { longer = op1; @@ -771,11 +778,16 @@ ZEND_API int bitwise_and_function(zval *result, zval *op1, zval *op2) } result->type = IS_STRING; - result->value.str.len = shorter->value.str.len; - result->value.str.val = estrndup(shorter->value.str.val, shorter->value.str.len); + result_len = shorter->value.str.len; + result_str = estrndup(shorter->value.str.val, shorter->value.str.len); for (i = 0; i < shorter->value.str.len; i++) { - result->value.str.val[i] &= longer->value.str.val[i]; + result_str[i] &= longer->value.str.val[i]; } + if (result==op1) { + efree(result->value.str.val); + } + result->value.str.val = result_str; + result->value.str.len = result_len; return SUCCESS; } @@ -795,7 +807,8 @@ ZEND_API int bitwise_xor_function(zval *result, zval *op1, zval *op2) if (op1->type == IS_STRING && op2->type == IS_STRING) { zval *longer, *shorter; - int i; + char *result_str; + int i, result_len; if (op1->value.str.len >= op2->value.str.len) { longer = op1; @@ -806,11 +819,16 @@ ZEND_API int bitwise_xor_function(zval *result, zval *op1, zval *op2) } result->type = IS_STRING; - result->value.str.len = shorter->value.str.len; - result->value.str.val = estrndup(shorter->value.str.val, shorter->value.str.len); + result_len = shorter->value.str.len; + result_str = estrndup(shorter->value.str.val, shorter->value.str.len); for (i = 0; i < shorter->value.str.len; i++) { - result->value.str.val[i] ^= longer->value.str.val[i]; + result_str[i] ^= longer->value.str.val[i]; + } + if (result==op1) { + efree(result->value.str.val); } + result->value.str.val = result_str; + result->value.str.len = result_len; return SUCCESS; }