archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.2' into PHP-8.3

Browse source 
* PHP-8.2:
  Fix GH-11878: SQLite3 callback functions cause a memory leak with a callable array
This commit is contained in:
Niels Dossche 2023-09-09 15:35:03 +02:00
commit cb6fac5b8a
3 changed files with 72 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -40,6 +40,10 @@ PHP NEWS
. Fixed bug GH-12151 (str_getcsv ending with escape zero segfualt). . Fixed bug GH-12151 (str_getcsv ending with escape zero segfualt).
(Jakub Zelenka) (Jakub Zelenka)
- SQLite3:
. Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with
a callable array). (nielsdos, arnaud-lb)
31 Aug 2023, PHP 8.3.0RC1 31 Aug 2023, PHP 8.3.0RC1
- Core: - Core:

37
ext/sqlite3/sqlite3.c
View file

@ -2245,6 +2245,42 @@ static void php_sqlite3_object_free_storage(zend_object *object) /* {{{ */
} }
/* }}} */ /* }}} */
static HashTable *php_sqlite3_get_gc(zend_object *object, zval **table, int *n)
{
php_sqlite3_db_object *intern = php_sqlite3_db_from_obj(object);
if (intern->funcs == NULL && intern->collations == NULL) {
/* Fast path without allocations */
*table = NULL;
*n = 0;
return zend_std_get_gc(object, table, n);
} else {
zend_get_gc_buffer *gc_buffer = zend_get_gc_buffer_create();
php_sqlite3_func *func = intern->funcs;
while (func != NULL) {
zend_get_gc_buffer_add_zval(gc_buffer, &func->func);
zend_get_gc_buffer_add_zval(gc_buffer, &func->step);
zend_get_gc_buffer_add_zval(gc_buffer, &func->fini);
func = func->next;
}
php_sqlite3_collation *collation = intern->collations;
while (collation != NULL) {
zend_get_gc_buffer_add_zval(gc_buffer, &collation->cmp_func);
collation = collation->next;
}
zend_get_gc_buffer_use(gc_buffer, table, n);
if (object->properties == NULL && object->ce->default_properties_count == 0) {
return NULL;
} else {
return zend_std_get_properties(object);
}
}
}
static void php_sqlite3_stmt_object_free_storage(zend_object *object) /* {{{ */ static void php_sqlite3_stmt_object_free_storage(zend_object *object) /* {{{ */
{ {
php_sqlite3_stmt *intern = php_sqlite3_stmt_from_obj(object); php_sqlite3_stmt *intern = php_sqlite3_stmt_from_obj(object);
@ -2377,6 +2413,7 @@ PHP_MINIT_FUNCTION(sqlite3)
sqlite3_object_handlers.offset = XtOffsetOf(php_sqlite3_db_object, zo); sqlite3_object_handlers.offset = XtOffsetOf(php_sqlite3_db_object, zo);
sqlite3_object_handlers.clone_obj = NULL; sqlite3_object_handlers.clone_obj = NULL;
sqlite3_object_handlers.free_obj = php_sqlite3_object_free_storage; sqlite3_object_handlers.free_obj = php_sqlite3_object_free_storage;
sqlite3_object_handlers.get_gc = php_sqlite3_get_gc;
php_sqlite3_sc_entry = register_class_SQLite3(); php_sqlite3_sc_entry = register_class_SQLite3();
php_sqlite3_sc_entry->create_object = php_sqlite3_object_new; php_sqlite3_sc_entry->create_object = php_sqlite3_object_new;
php_sqlite3_sc_entry->default_object_handlers = &sqlite3_object_handlers; php_sqlite3_sc_entry->default_object_handlers = &sqlite3_object_handlers;

31
ext/sqlite3/tests/gh11878.phpt Normal file
View file

@ -0,0 +1,31 @@
--TEST--
GH-11878 (SQLite3 callback functions cause a memory leak with a callable array)
--EXTENSIONS--
sqlite3
--FILE--
<?php
class Foo {
public $sqlite;
public function __construct(bool $normalFunctions, bool $aggregates) {
$this->sqlite = new SQLite3(":memory:");
if ($aggregates) {
$this->sqlite->createAggregate("indexes", array($this, "SQLiteIndex"), array($this, "SQLiteFinal"), 0);
}
if ($normalFunctions) {
$this->sqlite->createFunction("func", array($this, "SQLiteIndex"), 0);
$this->sqlite->createCollation("collation", array($this, "SQLiteIndex"));
}
}
public function SQLiteIndex() {}
public function SQLiteFinal() {}
}
// Test different combinations to check for null pointer derefs
$x = new Foo(true, true);
$y = new Foo(false, true);
$z = new Foo(true, false);
$w = new Foo(false, false);
?>
Done
--EXPECT--
Done