diff --git a/NEWS b/NEWS index 375dbfbc0e4..dca8db6eba1 100644 --- a/NEWS +++ b/NEWS @@ -98,6 +98,9 @@ PHP NEWS . pg_fetch_object raises a ValueError instead of an Exception. (David Carlier) +- Phar: + . Fix memory leak in phar_rename_archive(). (stkeke) + - Posix: . Added posix_sysconf. (David Carlier) . Added posix_pathconf. (David Carlier) diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index ba47cd88439..6a593b981a1 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -2113,10 +2113,12 @@ static zend_object *phar_rename_archive(phar_archive_data **sphar, char *ext) /* pphar->flags = phar->flags; pphar->fp = phar->fp; phar->fp = NULL; + /* FIX: GH-10755 Double-free issue caught by ASAN check */ + pphar->alias = phar->alias; /* Transfer alias to pphar to */ + phar->alias = NULL; /* avoid being free'd twice */ phar_destroy_phar_data(phar); *sphar = NULL; phar = pphar; - phar->refcount++; newpath = oldpath; goto its_ok; } diff --git a/ext/phar/tests/bug69958.phpt b/ext/phar/tests/bug69958.phpt index b53c76a1049..447efce57db 100644 --- a/ext/phar/tests/bug69958.phpt +++ b/ext/phar/tests/bug69958.phpt @@ -1,7 +1,5 @@ --TEST-- Phar: bug #69958: Segfault in Phar::convertToData on invalid file ---XFAIL-- -Still has memory leaks, see https://bugs.php.net/bug.php?id=70005 --EXTENSIONS-- phar --FILE-- @@ -10,8 +8,8 @@ $tarphar = new PharData(__DIR__.'/bug69958.tar'); $phar = $tarphar->convertToData(Phar::TAR); ?> --EXPECTF-- -Fatal error: Uncaught BadMethodCallException: phar "%s/bug69958.tar" exists and must be unlinked prior to conversion in %s/bug69958.php:%d +Fatal error: Uncaught BadMethodCallException: phar "%sbug69958.tar" exists and must be unlinked prior to conversion in %sbug69958.php:%d Stack trace: -#0 %s/bug69958.php(%d): PharData->convertToData(%d) +#0 %sbug69958.php(%d): PharData->convertToData(%d) #1 {main} - thrown in %s/bug69958.php on line %d + thrown in %sbug69958.php on line %d