From 09b16f0b58a87bdc85015d8693d7fa569fb618dd Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Tue, 14 Feb 2006 22:11:36 +0000
Subject: [PATCH] MF51: fix leak in zend_strtod() on big doubles add new test

---
 Zend/tests/zend_strtod.phpt | 17 +++++++++++++++++
 Zend/zend_strtod.c          | 18 +++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 Zend/tests/zend_strtod.phpt

diff --git a/Zend/tests/zend_strtod.phpt b/Zend/tests/zend_strtod.phpt
new file mode 100644
index 0000000000..32d1c0abae
--- /dev/null
+++ b/Zend/tests/zend_strtod.phpt
@@ -0,0 +1,17 @@
+--TEST--
+zend_strtod() leaks on big doubles
+--FILE--
+<?php
+var_dump("1139932690.21688500" - "1139932790.21688500");
+var_dump("1139932690000.21688500" - "331139932790.21688500");
+var_dump("339932690.21688500" - "4564645646456463461139932790.21688500");
+var_dump("123123139932690.21688500" - "11399327900000000.21688500");
+
+echo "Done\n";
+?>
+--EXPECTF--	
+float(-100)
+float(808792757210)
+float(-4.5646456464565E+27)
+float(-11276204760067000)
+Done
diff --git a/Zend/zend_strtod.c b/Zend/zend_strtod.c
index 1810c5bf27..3a50af29c8 100644
--- a/Zend/zend_strtod.c
+++ b/Zend/zend_strtod.c
@@ -1252,7 +1252,7 @@ zend_strtod
 	_double rv, rv0;
 	Long L;
 	ULong y, z;
-	Bigint *bb, *bb1, *bd, *bd0, *bs, *delta;
+	Bigint *bb, *bb1, *bd, *bd0, *bs, *delta, *tmp;
 	double result;
 
 	CONST char decimal_point = '.';
@@ -1778,6 +1778,22 @@ zend_strtod
 	if (se)
 		*se = (char *)s;
 	result = sign ? -value(rv) : value(rv);
+		
+	for (i = 0; i <= Kmax; i++) {
+		Bigint **listp = &freelist[i];
+		while ((tmp = *listp) != NULL) {
+			*listp = tmp->next;
+			free(tmp);
+		}
+		freelist[i] = NULL;
+	}
+	
+	while (p5s) {
+		tmp = p5s;
+		p5s = p5s->next;
+		free(tmp);
+	}
+	
 	return result;
 	}
 
-- 
2.50.1