Skip to content

Commit

Permalink
Fix phpGH-17145: DOM memory leak
Browse files Browse the repository at this point in the history 
Because the use of RETURN instead of RETVAL, the freeing code could not
be executed. This only is triggerable if the content of the attribute is
mixed text and entities, so it wasn't noticed earlier.
  • Loading branch information
@nielsdos
nielsdos committed Dec 13, 2024
1 parent b86308c commit dd73b38
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
2 changes: 1 addition & 1 deletion ext/dom/php_dom.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2375,7 +2375,7 @@ void php_dom_get_content_into_zval(const xmlNode *nodep, zval *return_value, boo
case XML_ATTRIBUTE_NODE: {
bool free;
xmlChar *value = php_libxml_attr_value((const xmlAttr *) nodep, &free);
RETURN_STRING_FAST((const char *) value);
RETVAL_STRING_FAST((const char *) value);
if (free) {
xmlFree(value);
}
Expand Down
18 changes: 18 additions & 0 deletions ext/dom/tests/gh17145.phpt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
--TEST--
GH-17145 (DOM memory leak)
--EXTENSIONS--
dom
--CREDITS--
YuanchengJiang
--FILE--
<?php
$element = new DOMElement("N", "W", "y");
$attr = new DOMAttr("c" , "n");
$doc = new DOMDocument();
$doc->appendChild($element);
$element->setAttributeNodeNS($attr);
$attr->appendChild($doc->createEntityReference('amp'));
echo $attr->value;
?>
--EXPECT--
n&

0 comments on commit dd73b38

Please sign in to comment.