Fix memory leak

Fixes oss-fuzz #51622
Dmitry Stogov 2022-09-26 12:02:03 +03:00
parent b655451439
commit c083efb779
2 changed files with 26 additions and 0 deletions


@ -7791,6 +7791,19 @@ ZEND_VM_HANDLER(149, ZEND_HANDLE_EXCEPTION, ANY, ANY)
*/
const zend_live_range *range = find_live_range(
&EX(func)->op_array, throw_op_num, throw_op->op1.var);
/* free op1 of the corresponding RETURN */
for (i = throw_op_num; i < range->end; i++) {
if (EX(func)->op_array.opcodes[i].opcode == ZEND_FREE
|| EX(func)->op_array.opcodes[i].opcode == ZEND_FE_FREE) {
/* pass */
} else {
if (EX(func)->op_array.opcodes[i].opcode == ZEND_RETURN
&& (EX(func)->op_array.opcodes[i].op1_type & (IS_VAR|IS_TMP_VAR))) {
zval_ptr_dtor(EX_VAR(EX(func)->op_array.opcodes[i].op1.var));
}
break;
}
}
throw_op_num = range->end;
}
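Review bot: The added `zval_ptr_dtor()` on the RETURN operand is only safe if nothing later releases the same slot, and the one-line comment `/* free op1 of the corresponding RETURN */` does not say why that holds. From the visible lines it presumably relies on `throw_op_num = range->end` moving the throw position past the range before any further live-variable cleanup runs; I would state that in the comment, together with why ZEND_FREE and ZEND_FE_FREE are skipped, because a later change on either side could turn this leak fix into a double free. As a style point, `EX(func)->op_array.opcodes[i]` is spelled out four times; a local `const zend_op *op = &EX(func)->op_array.opcodes[i];` at the top of the loop body, with a negated condition instead of the empty `/* pass */` branch, would read more easily. The enclosing block starts and ends outside the hunk. The second hunk on this page (ZEND_HANDLE_EXCEPTION_SPEC_HANDLER) carries the same lines, apparently as the generated copy of this handler, so the same applies there.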


@ -2943,6 +2943,19 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_HANDLE_EXCEPTION_SPEC_HANDLER(
*/
const zend_live_range *range = find_live_range(
&EX(func)->op_array, throw_op_num, throw_op->op1.var);
/* free op1 of the corresponding RETURN */
for (i = throw_op_num; i < range->end; i++) {
if (EX(func)->op_array.opcodes[i].opcode == ZEND_FREE
|| EX(func)->op_array.opcodes[i].opcode == ZEND_FE_FREE) {
/* pass */
} else {
if (EX(func)->op_array.opcodes[i].opcode == ZEND_RETURN
&& (EX(func)->op_array.opcodes[i].op1_type & (IS_VAR|IS_TMP_VAR))) {
zval_ptr_dtor(EX_VAR(EX(func)->op_array.opcodes[i].op1.var));
}
break;
}
}
throw_op_num = range->end;
}