[pull] master from php:master#325
Merged
Merged
Conversation
…dict
```
Direct leak of 52 byte(s) in 1 object(s) allocated from:
#0 0x7ff90cd2c161 in malloc (/usr/lib/libasan.so.8+0x12c161) (BuildId: ee5fbab73143ab257a66a33afe0f038a4af7a74e)
#1 0x55de10c9a468 in tracked_malloc /work/php-8.4/Zend/zend_alloc.c:2973
#2 0x55de10c99443 in _emalloc /work/php-8.4/Zend/zend_alloc.c:2740
#3 0x55de102deb86 in zlib_create_dictionary_string /work/php-8.4/ext/zlib/zlib.c:836
#4 0x55de102e145a in zif_deflate_init /work/php-8.4/ext/zlib/zlib.c:1144
#5 0x55de10dcac6c in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /work/php-8.4/Zend/zend_vm_execute.h:1351
#6 0x55de10f2d69d in execute_ex /work/php-8.4/Zend/zend_vm_execute.h:58907
#7 0x55de10f41666 in zend_execute /work/php-8.4/Zend/zend_vm_execute.h:64334
#8 0x55de110a6cf8 in zend_execute_script /work/php-8.4/Zend/zend.c:1934
#9 0x55de10af0ddb in php_execute_script_ex /work/php-8.4/main/main.c:2577
#10 0x55de10af128f in php_execute_script /work/php-8.4/main/main.c:2617
#11 0x55de110ac5e1 in do_cli /work/php-8.4/sapi/cli/php_cli.c:935
#12 0x55de110ae592 in main /work/php-8.4/sapi/cli/php_cli.c:1322
#13 0x7ff90c027740 (/usr/lib/libc.so.6+0x27740) (BuildId: 020d6f7c33b2413f4fe10814c4729dce1387f049)
#14 0x7ff90c027878 in __libc_start_main (/usr/lib/libc.so.6+0x27878) (BuildId: 020d6f7c33b2413f4fe10814c4729dce1387f049)
#15 0x55de10005964 in _start (/work/php-8.4/sapi/cli/php+0x605964) (BuildId: 5f144db4e56ea623e070c56445fb1dfa3f8d085d)
SUMMARY: AddressSanitizer: 52 byte(s) leaked in 1 allocation(s).
```
Closes GH-22101.
* PHP-8.4: zlib: fix memory leak if deflate initialization fails and there is a dict
* PHP-8.5: zlib: fix memory leak if deflate initialization fails and there is a dict
…eturn gdImageSetStyle freed im->style before checking overflow2(). When the overflow check tripped and the function early-returned, im->style was left dangling. The next gdImageSetStyle, gdImageDestroy, or gdImageSetPixel gdStyled/gdStyledBrushed dispatch then freed or dereferenced it. Move the overflow check above the free to match upstream libgd (libgd/libgd src/gd.c::gdImageSetStyle), which has always had the check first. The original divergence was an oversight in 77ba248 when the overflow check was ported from libgd 2.0.29. Fixes GH-22121 Closes GH-22125
* PHP-8.4: Fix GH-22121: double-free in gdImageSetStyle() after overflow early return
* PHP-8.5: Fix GH-22121: double-free in gdImageSetStyle() after overflow early return
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )