Skip to content

Commit 2364479

Browse files
author
Dmitry Gopkalo
committed
- fix meminfo_info_dump function memory leak
1 parent 4f8d854 commit 2364479

File tree

1 file changed

+23
-10
lines changed

1 file changed

+23
-10
lines changed

extension/meminfo.c

Lines changed: 23 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -380,7 +380,7 @@ int meminfo_visit_item(const char * item_label, HashTable *visited_items)
380380
void meminfo_hash_dump(php_stream *stream, HashTable *ht, zend_bool is_object, HashTable *visited_items, int *first_element)
381381
{
382382
zval **zval;
383-
char *key;
383+
char *key, *char_buf;;
384384

385385
HashPosition pos;
386386
ulong num_key;
@@ -406,10 +406,13 @@ void meminfo_hash_dump(php_stream *stream, HashTable *ht, zend_bool is_object, H
406406
if (is_object) {
407407
const char *property_name, *class_name;
408408
int mangled = zend_unmangle_property_name(key, key_len - 1, &class_name, &property_name);
409-
410-
php_stream_printf(stream TSRMLS_CC, " \"%s\":\"%p\"", meminfo_escape_for_json(property_name), *zval );
409+
char_buf = meminfo_escape_for_json(property_name);
410+
php_stream_printf(stream TSRMLS_CC, " \"%s\":\"%p\"", char_buf, *zval );
411+
efree(char_buf);
411412
} else {
412-
php_stream_printf(stream TSRMLS_CC, " \"%s\":\"%p\"", meminfo_escape_for_json(key), *zval );
413+
char_buf = meminfo_escape_for_json(key);
414+
php_stream_printf(stream TSRMLS_CC, " \"%s\":\"%p\"", char_buf, *zval );
415+
efree(char_buf);
413416
}
414417

415418
break;
@@ -432,6 +435,7 @@ void meminfo_hash_dump(php_stream *stream, HashTable *ht, zend_bool is_object, H
432435
void meminfo_zval_dump(php_stream * stream, char * frame_label, char * symbol_name, zval * zv, HashTable *visited_items, int *first_element)
433436
{
434437
char zval_id[16];
438+
char *char_buf;
435439
sprintf(zval_id, "%p", zv);
436440

437441
if (meminfo_visit_item(zval_id, visited_items)) {
@@ -450,10 +454,14 @@ void meminfo_zval_dump(php_stream * stream, char * frame_label, char * symbol_na
450454

451455
if (frame_label) {
452456
if (symbol_name) {
453-
php_stream_printf(stream TSRMLS_CC, " \"symbol_name\" : \"%s\",\n", meminfo_escape_for_json(symbol_name));
457+
char_buf = meminfo_escape_for_json(symbol_name);
458+
php_stream_printf(stream TSRMLS_CC, " \"symbol_name\" : \"%s\",\n", char_buf);
459+
efree(char_buf);
454460
}
455461
php_stream_printf(stream TSRMLS_CC, " \"is_root\" : true,\n");
456-
php_stream_printf(stream TSRMLS_CC, " \"frame\" : \"%s\"\n", meminfo_escape_for_json(frame_label));
462+
char_buf = meminfo_escape_for_json(frame_label);
463+
php_stream_printf(stream TSRMLS_CC, " \"frame\" : \"%s\"\n", char_buf);
464+
efree(char_buf);
457465
} else {
458466
php_stream_printf(stream TSRMLS_CC, " \"is_root\" : false\n");
459467
}
@@ -466,7 +474,9 @@ void meminfo_zval_dump(php_stream * stream, char * frame_label, char * symbol_na
466474
int is_temp;
467475

468476
php_stream_printf(stream TSRMLS_CC, ",\n");
469-
php_stream_printf(stream TSRMLS_CC, " \"class\" : \"%s\",\n", meminfo_escape_for_json(meminfo_get_classname(zv->value.obj.handle)));
477+
char_buf = meminfo_escape_for_json(meminfo_get_classname(zv->value.obj.handle));
478+
php_stream_printf(stream TSRMLS_CC, " \"class\" : \"%s\",\n", char_buf);
479+
efree(char_buf);
470480
php_stream_printf(stream TSRMLS_CC, " \"object_handle\" : \"%d\",\n", zv->value.obj.handle);
471481

472482
properties = Z_OBJDEBUG_P(zv, is_temp);
@@ -486,6 +496,7 @@ void meminfo_zval_dump(php_stream * stream, char * frame_label, char * symbol_na
486496
php_stream_printf(stream TSRMLS_CC, "\n");
487497
}
488498
}
499+
489500
/**
490501
* Get size of an element
491502
*
@@ -522,11 +533,13 @@ zend_ulong meminfo_get_element_size(zval *zv)
522533
char * meminfo_escape_for_json(const char *s)
523534
{
524535
int new_str_len;
525-
char *s1;
536+
char *s1, *s2;
537+
s1 = php_str_to_str((char*)s, strlen(s), "\\", 1, "\\\\", 2, &new_str_len);
538+
s2 = php_str_to_str(s1, strlen(s1), "\"", 1, "\\\"", 2, &new_str_len);
526539

527-
s1 = php_str_to_str(s, strlen(s), "\\", 1, "\\\\", 2, &new_str_len);
540+
efree(s1);
528541

529-
return php_str_to_str(s1, strlen(s1), "\"", 1, "\\\"", 2, &new_str_len);
542+
return s2;
530543
}
531544

532545
/**

0 commit comments

Comments
 (0)