From 4f1103ef3b921ddf2e0df497b09829a3b4382a65 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Wed, 15 Nov 2023 20:15:44 +0100
Subject: [PATCH 1/2] Fix GH-12675: MEMORY_LEAK in phpdbg_prompt.c

Have to use file_put_contents() instead of --FILE-- because we have to actually load it using the exec command, *and* have to make multiple files, and note that we can only load files relative from the current directory, so we can't rely on files being in the sapi/phpdbg/tests folder.

Closes GH-12680.
---
 NEWS | 3 +++
 sapi/phpdbg/phpdbg_prompt.c | 2 ++
 sapi/phpdbg/tests/gh12675.phpt | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 sapi/phpdbg/tests/gh12675.phpt

diff --git a/NEWS b/NEWS
index a592ec6de97..1f09639a2f1 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ PHP NEWS
 - PCRE:
 . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos)
 
+- PHPDBG:
+ . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)
+
 - Standard:
 . Fix memory leak in syslog device handling. (danog)
 . Fixed bug GH-12621 (browscap segmentation fault when configured in the
diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c
index 2464e39e568..ffc40cb0c96 100644
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
@@ -408,6 +408,7 @@ PHPDBG_COMMAND(exec) /* {{{ */
 if ((res_len != PHPDBG_G(exec_len)) || (memcmp(res, PHPDBG_G(exec), res_len) != SUCCESS)) {
 if (PHPDBG_G(in_execution)) {
 if (phpdbg_ask_user_permission("Do you really want to stop execution to set a new execution context?") == FAILURE) {
+ free(res);
 return FAILURE;
 }
 }
@@ -441,6 +442,7 @@ PHPDBG_COMMAND(exec) /* {{{ */
 
 phpdbg_compile();
 } else {
+ free(res);
 phpdbg_notice("Execution context not changed");
 }
 } else {
diff --git a/sapi/phpdbg/tests/gh12675.phpt b/sapi/phpdbg/tests/gh12675.phpt
new file mode 100644
index 00000000000..167e68595df
--- /dev/null
+++ b/sapi/phpdbg/tests/gh12675.phpt
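Review bot: Neither added `free(res);` in sapi/phpdbg/phpdbg_prompt.c (the early `return FAILURE;` in the first hunk, the "Execution context not changed" branch in the second) says who owns `res`, and both hunks start inside `PHPDBG_COMMAND(exec)`, so the allocation and the success path are outside the visible lines. Presumably `res` is kept as the new execution context on the path that reaches `phpdbg_compile()`, which would explain why only the two bail-out paths free it; a comment at the declaration such as `/* res is malloc-owned until stored as the execution context; free it on every path that returns before that */` would keep a later edit from adding a second free or a new leaking return. It is also worth confirming that `res` comes from the malloc family and not the engine allocator, since releasing an `emalloc` pointer with `free()` corrupts the heap.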
@@ -0,0 +1,32 @@ +--TEST-- +GH-12675 (MEMORY_LEAK in phpdbg_prompt.c) +--INI-- +opcache.enable=0 +--PHPDBG-- +ev file_put_contents("gh12675_1.tmp", " 24 +prompt> 16 +prompt> [Cannot stat nonexistent.php, ensure the file exists] +prompt> [Set execution context: %sgh12675_1.tmp] +[Successful compilation of %sgh12675_1.tmp] +prompt> [Execution context not changed] +prompt> [Breakpoint #0 added at %sgh12675_1.tmp:2] +prompt> hi +[Breakpoint #0 at %sgh12675_1.tmp:2, hits: 1] +>00002: echo 2; +prompt> Do you really want to stop execution to set a new execution context? (type y or n): prompt> +--CLEAN-- + From f320c3561e09a02e2ad06cf5d604a836180d00d7 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Wed, 15 Nov 2023 20:27:02 +0100 Subject: [PATCH 2/2] Use __DIR__-relative path in tests Otherwise we can't run them from another directory, they'll fail instead. --- ext/exif/tests/bug78793.phpt | 2 +- ext/soap/tests/bug75306.phpt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/exif/tests/bug78793.phpt b/ext/exif/tests/bug78793.phpt index 93d728ff6d1..babbe927045 100644 --- a/ext/exif/tests/bug78793.phpt +++ b/ext/exif/tests/bug78793.phpt @@ -4,7 +4,7 @@ Bug #78793: Use-after-free in exif parsing under memory sanitizer exif --FILE-- WSDL_CACHE_NONE); // Need a warm-up for globals for ($i = 0; $i < 10; $i++) { - $client = new SoapClient("ext/soap/tests/test.wsdl", $options); + $client = new SoapClient(__DIR__ . "/test.wsdl", $options); } $usage = memory_get_usage(); for ($i = 0; $i < 10; $i++) { - $client = new SoapClient("ext/soap/tests/test.wsdl", $options); + $client = new SoapClient(__DIR__ . "/test.wsdl", $options); } $usage_delta = memory_get_usage() - $usage; var_dump($usage_delta);