Skip to content

Commit f1ae135

Browse files
dstogovdstogov
committed
Fix memory leak
Fixes oss-fuzz #43988
1 parent 2af3323 commit f1ae135

File tree

2 files changed

+29
-5
lines changed

2 files changed

+29
-5
lines changed

Zend/tests/dynamic_prop_deprecation_002.phpt

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
--TEST--
2+
Dynamic properties deprecation 002 (memory leak)
3+
--FILE--
4+
<?php
5+
set_error_handler(function($code, $msg){
6+
echo "Err: $msg\n";
7+
$GLOBALS['a']=null;
8+
});
9+
$a = new class{};
10+
[&$a->y];
11+
?>
12+
--EXPECT--
13+
Err: Creation of dynamic property class@anonymous::$y is deprecated

Zend/zend_object_handlers.c

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -277,10 +277,16 @@ static ZEND_COLD zend_never_inline void zend_forbidden_dynamic_property(
277277
ZSTR_VAL(ce->name), ZSTR_VAL(member));
278278
}
279279

280-
static ZEND_COLD zend_never_inline void zend_deprecated_dynamic_property(
281-
zend_class_entry *ce, zend_string *member) {
280+
static ZEND_COLD zend_never_inline bool zend_deprecated_dynamic_property(
281+
zend_object *obj, zend_string *member) {
282+
GC_ADDREF(obj);
282283
zend_error(E_DEPRECATED, "Creation of dynamic property %s::$%s is deprecated",
283-
ZSTR_VAL(ce->name), ZSTR_VAL(member));
284+
ZSTR_VAL(obj->ce->name), ZSTR_VAL(member));
285+
if (UNEXPECTED(GC_DELREF(obj) == 0)) {
286+
zend_objects_store_del(obj);
287+
return 0;
288+
}
289+
return 1;
284290
}
285291

286292
static ZEND_COLD zend_never_inline void zend_readonly_property_modification_scope_error(
@@ -880,7 +886,10 @@ ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zva
880886
goto exit;
881887
}
882888
if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
883-
zend_deprecated_dynamic_property(zobj->ce, name);
889+
if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
890+
variable_ptr = &EG(error_zval);
891+
goto exit;
892+
}
884893
}
885894

886895
Z_TRY_ADDREF_P(value);
@@ -1063,7 +1072,9 @@ ZEND_API zval *zend_std_get_property_ptr_ptr(zend_object *zobj, zend_string *nam
10631072
return &EG(error_zval);
10641073
}
10651074
if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1066-
zend_deprecated_dynamic_property(zobj->ce, name);
1075+
if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1076+
return &EG(error_zval);
1077+
}
10671078
}
10681079
if (UNEXPECTED(!zobj->properties)) {
10691080
rebuild_object_properties(zobj);

0 commit comments

Comments
 (0)