Fix memory leak in polynomialImage()#790
Open
ndossche wants to merge 1 commit into
Open
Conversation
`terms_double_array` is freed on other paths but not the
`MagickSetIteratorIndex` error path.
Furthermore, `IMAGICK_NOT_EMPTY(intern)` can return early too.
Move the allocation to avoid these 2 issues.
ASAN report:
```
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x758c39ce19c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
Imagick#1 0x6463c64adec5 in tracked_malloc /work/php-src/Zend/zend_alloc.c:3018
Imagick#2 0x6463c64ace29 in _emalloc /work/php-src/Zend/zend_alloc.c:2780
Imagick#3 0x6463c64ad33d in _ecalloc /work/php-src/Zend/zend_alloc.c:2847
Imagick#4 0x758c34a4c9f6 in php_imagick_zval_to_double_array /work/php-imagemagick/imagick_helpers.c:300
Imagick#5 0x758c34a26fbc in zim_Imagick_polynomialImage /work/php-imagemagick/imagick_class.c:14091
Imagick#6 0x6463c62c9395 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
Imagick#7 0x6463c65f08bb in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2024
Imagick#8 0x6463c6751e07 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116514
Imagick#9 0x6463c6766d70 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
Imagick#10 0x6463c68cb56b in zend_execute_script /work/php-src/Zend/zend.c:1980
Imagick#11 0x6463c62fdd7b in php_execute_script_ex /work/php-src/main/main.c:2645
Imagick#12 0x6463c62fe18b in php_execute_script /work/php-src/main/main.c:2685
Imagick#13 0x6463c68d10d6 in do_cli /work/php-src/sapi/cli/php_cli.c:951
Imagick#14 0x6463c68d36a3 in main /work/php-src/sapi/cli/php_cli.c:1362
Imagick#15 0x758c38fbf1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Imagick#16 0x758c38fbf28a in __libc_start_main_impl ../csu/libc-start.c:360
Imagick#17 0x6463c5409df4 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609df4) (BuildId: 97494815ba6ad97379608f28619e331873dc4434)
```
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
terms_double_arrayis freed on other paths but not theMagickSetIteratorIndexerror path.Furthermore,
IMAGICK_NOT_EMPTY(intern)can return early too.Move the allocation to avoid these 2 issues.
ASAN report:
Note: this was found by a hybrid static-dynamic analyzer I'm developing.