Bug #62210 Exceptions can leak temporary variables
Submitted: 2012-06-02 00:46 UTC Modified: 2015-11-13 12:38 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:1 of 3 (33.3%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: [email protected] Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2012-06-02 00:46 UTC] [email protected]
Description:
------------
The script

<?php
function throwException() { throw new Exception; }
function doSomething() { [] + throwException(); }
try { doSomething(); } catch (Exception $e) { }

leaks

/home/nikic/dev/php-src/Zend/zend_vm_execute.h(25625) :  Freeing 0xB77ABA44 (44 bytes), script=-
/home/nikic/dev/php-src/Zend/zend_API.c(982) : Actual location (location was relayed)
=== Total 1 memory leaks detected ===

This generally always happens whenever an exception is thrown while evaluating an expression which contains (non-scalar) temporary variables. In the above case the array hash table is leaked.

The reason is that the FREE opcode for the temporary variable is never executed due to the exception. Exceptions only free temporary loop variables.


 [2012-06-03 14:20 UTC] [email protected]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2012-06-25 08:12 UTC] [email protected]
I confirm the bug, but I don't see a simple way to fix it.

In general, it's possible to extend zend_op_array with information about ranges of temporary variables liveness, but overhead is going to be too high.
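A simplified model of the mechanism discussed in this report, added here as an example and not taken from php-src: the unwinder skips the opcode that would release a temporary, and a per-function table of live ranges lets it release that temporary anyway. The opcode names, the range table layout and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy VM, not Zend code: opcode names and table layout are hypothetical. */
enum op { OP_INIT_ARRAY, OP_CALL_THROWS, OP_ADD, OP_RETURN };
struct insn { enum op op; int slot; };
struct live_range { int start, end, slot; }; /* slot live for start <= opnum < end */

/* Constructed opcode sequence modelling: [] + throwException(); */
static const struct insn prog[] = {
    { OP_INIT_ARRAY,  0 },  /* 0: T0 = []                               */
    { OP_CALL_THROWS, 1 },  /* 1: T1 = throwException()  (throws)       */
    { OP_ADD,         0 },  /* 2: T0 + T1, releases T0 (never reached)  */
    { OP_RETURN,      0 },
};
/* T0 is defined by opnum 0 and consumed by opnum 2, so it is live at opnum 1. */
static const struct live_range ranges[] = { { 1, 2, 0 } };

static void *slots[2];
static int outstanding;  /* temporaries currently allocated */

static void tmp_alloc(int s) { slots[s] = malloc(44); outstanding++; }
static void tmp_free(int s) { if (slots[s]) { free(slots[s]); slots[s] = NULL; outstanding--; } }

/* Runs prog; returns how many temporaries were still allocated after unwinding. */
int run_and_count_leaks(int use_live_ranges)
{
    outstanding = 0;
    for (int pc = 0; prog[pc].op != OP_RETURN; pc++) {
        if (prog[pc].op == OP_INIT_ARRAY) {
            tmp_alloc(prog[pc].slot);
        } else if (prog[pc].op == OP_ADD) {
            tmp_free(prog[pc].slot);
        } else { /* OP_CALL_THROWS: unwind to the catch block from here */
            size_t n = use_live_ranges ? sizeof ranges / sizeof ranges[0] : 0;
            for (size_t i = 0; i < n; i++)
                if (ranges[i].start <= pc && pc < ranges[i].end)
                    tmp_free(ranges[i].slot);
            break;
        }
    }
    int leaked = outstanding;
    for (int s = 0; s < 2; s++) tmp_free(s); /* keep the demo itself leak-free */
    return leaked;
}

int main(void)
{
    printf("without live ranges: %d leaked\n", run_and_count_leaks(0));
    printf("with live ranges:    %d leaked\n", run_and_count_leaks(1));
    return 0;
}
```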
 [2015-07-07 12:42 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5ee841325901a4b040cfea56292a24702fe224d9
Log: Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array->brk_cont_array was removed, and replaced with more general and speed efficient op_array->T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)
 [2015-07-07 12:42 UTC] [email protected]
-Status: Assigned +Status: Closed
 [2015-07-07 23:36 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5ee841325901a4b040cfea56292a24702fe224d9
Log: Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array->brk_cont_array was removed, and replaced with more general and speed efficient op_array->T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)
 [2015-07-10 01:58 UTC] [email protected]
-Status: Closed +Status: Re-Opened
 [2015-07-10 01:58 UTC] [email protected]
The fix was reverted.
 [2015-07-10 10:31 UTC] [email protected]
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ad8a73dd55c087de465ad80e8715611693bb1460
Log: Revert "Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array->brk_cont_array was removed, and replaced with more general and speed efficient op_array->T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)"
 [2015-07-10 10:31 UTC] [email protected]
-Status: Re-Opened +Status: Closed
 [2015-07-10 11:04 UTC] [email protected]
-Status: Closed +Status: Re-Opened
 [2015-11-13 12:38 UTC] [email protected]
-Status: Re-Opened +Status: Closed
 [2016-07-20 11:38 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5ee841325901a4b040cfea56292a24702fe224d9
Log: Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array->brk_cont_array was removed, and replaced with more general and speed efficient op_array->T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)
 