Memory leak in DOMProcessingInstruction/DOMDocument #16152

Closed
@chibinz

Description

The following code:

<?php

$doc = new DOMDocument();
$instr = new DOMProcessingInstruction("tr", "r");
$frag = new DOMDocumentFragment();
$frag2 = new DOMDocumentFragment();
$frag2->append($instr);
$frag->append($frag2);
$doc->insertBefore($frag);

Resulted in this output:

=================================================================
==111665==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x559c452875ee in malloc /opt/llvm-15-build/llvm-15.x/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x559c462211ee in __zend_malloc /tmp/php-afl/Zend/zend_alloc.c:3280:14
    #2 0x559c4541c331 in php_libxml_increment_doc_ref /tmp/php-afl/ext/libxml/libxml.c:1360:22
    #3 0x559c45586e9a in zim_DOMDocument___construct /tmp/php-afl/ext/dom/document.c:1282:6
    #4 0x559c4651ccb2 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /tmp/php-afl/Zend/zend_vm_execute.h
    #5 0x559c4641e3a0 in execute_ex /tmp/php-afl/Zend/zend_vm_execute.h:58486:7
    #6 0x559c4641f1b7 in zend_execute /tmp/php-afl/Zend/zend_vm_execute.h:64138:2
    #7 0x559c46904384 in zend_execute_script /tmp/php-afl/Zend/zend.c:1928:3
    #8 0x559c45fd3b0e in php_execute_script_ex /tmp/php-afl/main/main.c:2574:13
    #9 0x559c4690df4c in do_cli /tmp/php-afl/sapi/cli/php_cli.c:935:5
    #10 0x559c46909c91 in main /tmp/php-afl/sapi/cli/php_cli.c:1310:18
    #11 0x7fb273e29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)

Indirect leak of 176 byte(s) in 1 object(s) allocated from:
    #0 0x559c452875ee in malloc /opt/llvm-15-build/llvm-15.x/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7fb2741f52de in xmlNewDoc (/lib/x86_64-linux-gnu/libxml2.so.2+0x622de) (BuildId: aebf8e42966c3ce475ff9d9d51a762831adcbb61)

Indirect leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x559c452875ee in malloc /opt/llvm-15-build/llvm-15.x/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7fb2741f54f5 in xmlNewPI (/lib/x86_64-linux-gnu/libxml2.so.2+0x624f5) (BuildId: aebf8e42966c3ce475ff9d9d51a762831adcbb61)

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x559c452875ee in malloc /opt/llvm-15-build/llvm-15.x/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x559c462211ee in __zend_malloc /tmp/php-afl/Zend/zend_alloc.c:3280:14
    #2 0x559c4541bae2 in php_libxml_increment_node_ptr /tmp/php-afl/ext/libxml/libxml.c:1313:19
    #3 0x559c456618e9 in zim_DOMProcessingInstruction___construct /tmp/php-afl/ext/dom/processinginstruction.c:65:2
    #4 0x559c4651ccb2 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /tmp/php-afl/Zend/zend_vm_execute.h
    #5 0x559c4641e3a0 in execute_ex /tmp/php-afl/Zend/zend_vm_execute.h:58486:7
    #6 0x559c4641f1b7 in zend_execute /tmp/php-afl/Zend/zend_vm_execute.h:64138:2
    #7 0x559c46904384 in zend_execute_script /tmp/php-afl/Zend/zend.c:1928:3
    #8 0x559c45fd3b0e in php_execute_script_ex /tmp/php-afl/main/main.c:2574:13
    #9 0x559c4690df4c in do_cli /tmp/php-afl/sapi/cli/php_cli.c:935:5
    #10 0x559c46909c91 in main /tmp/php-afl/sapi/cli/php_cli.c:1310:18
    #11 0x7fb273e29d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)

Indirect leak of 5 byte(s) in 2 object(s) allocated from:
    #0 0x559c452875ee in malloc /opt/llvm-15-build/llvm-15.x/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7fb2742767f2 in xmlStrdup (/lib/x86_64-linux-gnu/libxml2.so.2+0xe37f2) (BuildId: aebf8e42966c3ce475ff9d9d51a762831adcbb61)

Indirect leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x559c452875ee in malloc /opt/llvm-15-build/llvm-15.x/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7fb2742766e3 in xmlStrndup (/lib/x86_64-linux-gnu/libxml2.so.2+0xe36e3) (BuildId: aebf8e42966c3ce475ff9d9d51a762831adcbb61)

SUMMARY: AddressSanitizer: 377 byte(s) leaked in 7 allocation(s).

But I expected this output instead:

no leak

PHP Version

PHP 8.4.0-dev

Operating System

No response
