Skip to content

Fixed GH-17398: bcmul memory leak #17615

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Fixed GH-17398: bcmul memory leak #17615

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
345bff9
When freeing BCG with PHP_GSHUTDOWN_FUNCTION, it is now forcibly
SakiTakamachi Jan 29, 2025
f8a14df
Address comments
SakiTakamachi Jan 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions ext/bcmath/bcmath.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,9 +96,7 @@ static PHP_GINIT_FUNCTION(bcmath)
/* {{{ PHP_GSHUTDOWN_FUNCTION */
static PHP_GSHUTDOWN_FUNCTION(bcmath)
{
_bc_free_num_ex(&bcmath_globals->_zero_, 1);
_bc_free_num_ex(&bcmath_globals->_one_, 1);
_bc_free_num_ex(&bcmath_globals->_two_, 1);
bc_force_free_numbers();
}
/* }}} */

Expand Down
2 changes: 2 additions & 0 deletions ext/bcmath/libbcmath/src/bcmath.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,8 @@ typedef struct bc_struct {

void bc_init_numbers(void);

void bc_force_free_numbers(void);

bc_num _bc_new_num_ex(size_t length, size_t scale, bool persistent);

void _bc_free_num_ex(bc_num *num, bool persistent);
Expand Down
14 changes: 14 additions & 0 deletions ext/bcmath/libbcmath/src/init.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,20 @@ void bc_init_numbers(void)
BCG(_two_)->n_value[0] = 2;
}

static void _bc_force_free_number(bc_num *num)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Function names starting with underscores should be avoided in new code because in C a name starting with underscore is reserved.

{
pefree((*num)->n_ptr, 1);
pefree(*num, 1);
*num = NULL;
}

void bc_force_free_numbers(void)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

During GSHUTDOWN you should use the passed bcmath_globals instead of BCG to avoid freeing the wrong data in ZTS. In fact, If I were you I'd call _bc_force_free_number directly in GSHUTDOWN.

{
_bc_force_free_number(&BCG(_zero_));
_bc_force_free_number(&BCG(_one_));
_bc_force_free_number(&BCG(_two_));
}


/* Make a copy of a number! Just increments the reference count! */
bc_num bc_copy_num(bc_num num)
Expand Down
10 changes: 10 additions & 0 deletions ext/bcmath/tests/gh17398.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
--TEST--
GH-17398 (bcmul memory leak)
--EXTENSIONS--
bcmath
--FILE--
<?php
bcmul('0', '0', 2147483647);
?>
--EXPECTF--
Fatal error: Allowed memory size of %d bytes exhausted%s(tried to allocate %d bytes) in %s on line %d
Loading