archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.3' into PHP-8.4

Browse source 
* PHP-8.3:
  Fixed GH-17398: bcmul memory leak (#17615)
This commit is contained in:
Saki Takamachi 2025-01-29 19:15:10 +09:00
commit 4c90bb2da4
No known key found for this signature in database
GPG key ID: 770426E17EBBB3DD
5 changed files with 26 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
NEWS
View file

@ -2,6 +2,9 @@ PHP NEWS
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.4.5 ?? ??? ????, PHP 8.4.5
- BCMath:
. Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)
- DOM: - DOM:
. Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of . Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of
Dom\HTML_NO_DEFAULT_NS). (nielsdos) Dom\HTML_NO_DEFAULT_NS). (nielsdos)
@ -63,7 +66,7 @@ PHP NEWS
- Intl: - Intl:
. Fixed bug GH-11874 (intl causing segfault in docker images). (nielsdos) . Fixed bug GH-11874 (intl causing segfault in docker images). (nielsdos)
- Opcache: - Opcache:
. Fixed bug GH-15981 (Segfault with frameless jumps and minimal JIT). . Fixed bug GH-15981 (Segfault with frameless jumps and minimal JIT).
(nielsdos) (nielsdos)

6
ext/bcmath/bcmath.c
View file

@ -109,9 +109,9 @@ static PHP_GINIT_FUNCTION(bcmath)
/* {{{ PHP_GSHUTDOWN_FUNCTION */ /* {{{ PHP_GSHUTDOWN_FUNCTION */
static PHP_GSHUTDOWN_FUNCTION(bcmath) static PHP_GSHUTDOWN_FUNCTION(bcmath)
{ {
_bc_free_num_ex(&bcmath_globals->_zero_, 1); bc_force_free_number(&bcmath_globals->_zero_);
_bc_free_num_ex(&bcmath_globals->_one_, 1); bc_force_free_number(&bcmath_globals->_one_);
_bc_free_num_ex(&bcmath_globals->_two_, 1); bc_force_free_number(&bcmath_globals->_two_);
bcmath_globals->arena = NULL; bcmath_globals->arena = NULL;
bcmath_globals->arena_offset = 0; bcmath_globals->arena_offset = 0;
} }

2
ext/bcmath/libbcmath/src/bcmath.h
View file

@ -83,6 +83,8 @@ typedef struct bc_struct {
void bc_init_numbers(void); void bc_init_numbers(void);
void bc_force_free_number(bc_num *num);
bc_num _bc_new_num_ex(size_t length, size_t scale, bool persistent); bc_num _bc_new_num_ex(size_t length, size_t scale, bool persistent);
bc_num _bc_new_num_nonzeroed_ex(size_t length, size_t scale, bool persistent); bc_num _bc_new_num_nonzeroed_ex(size_t length, size_t scale, bool persistent);

7
ext/bcmath/libbcmath/src/init.c
View file

@ -97,6 +97,13 @@ void bc_init_numbers(void)
BCG(_two_)->n_value[0] = 2; BCG(_two_)->n_value[0] = 2;
} }
void bc_force_free_number(bc_num *num)
{
pefree((*num)->n_ptr, 1);
pefree(*num, 1);
*num = NULL;
}
/* Initialize a number NUM by making it a copy of zero. */ /* Initialize a number NUM by making it a copy of zero. */
void bc_init_num(bc_num *num) void bc_init_num(bc_num *num)

10
ext/bcmath/tests/gh17398.phpt Normal file
View file

@ -0,0 +1,10 @@
--TEST--
GH-17398 (bcmul memory leak)
--EXTENSIONS--
bcmath
--FILE--
<?php
bcmul('0', '0', 2147483647);
?>
--EXPECTF--
Fatal error: Allowed memory size of %d bytes exhausted%s(tried to allocate %d bytes) in %s on line %d