
Commit abe3673

authored
Fix memory leak after GC inside a foreach loop (php#12572)
Fixes oss-fuzz #54515
1 parent b0bac33 commit abe3673


2 files changed

+21
-1
lines changed


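--- a/Zend/tests/gc_047.phpt
+++ b/Zend/tests/gc_047.phpt
@@ -0,0 +1,20 @@
+--TEST--
+GC 047: Leak after GC inside a foreach loop
+--INI--
+zend.enable_gc=1
+--FILE--
+<?php
+$a = [0, 1];
+foreach($a as &$v) {
+$a[0] =& $a;
+$a[1] = array();
+$a[1][0] =& $a[1];
+$b = 1;
+$a =& $b;
+gc_collect_cycles();
+break;
+}
+var_dump(gc_collect_cycles());
+?>
+--EXPECT--
+int(2)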
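Review bot: The test covers only by-reference iteration over an array (`foreach($a as &$v)`), while the condition changed in Zend/zend_gc.c applies to every foreach loop variable. A second case that iterates an object and calls `gc_collect_cycles()` inside the loop would show the new rooting also behaves for that kind of loop variable; this is inferred from the condition change, not from anything the test demonstrates. A short comment on the in-loop call, e.g. `// run GC while the loop variable is still live`, would record why it is there, since its return value is discarded.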

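--- a/Zend/zend_gc.c
+++ b/Zend/zend_gc.c
@@ -1696,7 +1696,7 @@ static void zend_gc_root_tmpvars(void) {
 }
 
 uint32_t kind = range->var & ZEND_LIVE_MASK;
-if (kind == ZEND_LIVE_TMPVAR) {
+if (kind == ZEND_LIVE_TMPVAR || kind == ZEND_LIVE_LOOP) {
 uint32_t var_num = range->var & ~ZEND_LIVE_MASK;
 zval *var = ZEND_CALL_VAR(ex, var_num);
 if (Z_REFCOUNTED_P(var)) {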
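Review bot: The widened condition `if (kind == ZEND_LIVE_TMPVAR || kind == ZEND_LIVE_LOOP)` carries no comment explaining why foreach loop variables must be rooted, and the reason is not obvious from the code alone. Judging by gc_047.phpt, the loop variable can be the only remaining holder of the iterated array once `$a` is rebound, so I would add above the condition `/* A foreach loop var may hold the last reference to the iterated value, so root it like a TMPVAR (see Zend/tests/gc_047.phpt). */`. The other kinds selected by `ZEND_LIVE_MASK` are still skipped; it is worth confirming that none of them can hold a refcounted value that takes part in a cycle. zend_gc_root_tmpvars starts and ends outside this hunk, so what happens inside `if (Z_REFCOUNTED_P(var))` is not visible here.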
