Fix GH-11347: Memory leak when calling a static method inside an xpath query #11350
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…path query It's a type confusion bug. `zend_make_callable` may change the function name of the fci to become an array, causing a crash in debug mode on `zval_ptr_dtor_str(&fci.function_name);` in `dom_xpath_ext_function_php`. On a production build it doesn't crash but only causes a leak, because the array elements are not destroyed, only the array container itself is. We can use the nogc variant because it cannot contain cycles, the potential array can only contain 2 strings.
|
Thanks for fixing the issue. Will this patch be in the next release 8.1.19 ? |
Member
Author
8.1.19 is already released. The next release is 8.1.20, but that one's already tagged. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It's a type confusion bug.
zend_make_callablemay change the function name of the fci to become an array, causing a crash in debug mode onzval_ptr_dtor_str(&fci.function_name);indom_xpath_ext_function_php. On a production build it doesn't crash but only causes a leak, because the array elements are not destroyed, only the array container itself is.