diff options
| author | Xinchen Hui <laruence@gmail.com> | 2014-03-06 18:06:41 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2014-03-06 18:06:41 +0800 |
| commit | ddf38619231643b00a3d052bd67e6ce4b12eccf1 (patch) | |
| tree | 5cc612a88dfe4a514ab2cc9826f208117e298f6c /ext/standard/formatted_print.c | |
| parent | 66dead5239f353bf5ccbd3fa26cf7dfb94719ca0 (diff) | |
| download | php-git-ddf38619231643b00a3d052bd67e6ce4b12eccf1.tar.gz | |
Fixed memory leak in vsprintf
Diffstat (limited to 'ext/standard/formatted_print.c')
| -rw-r--r-- | ext/standard/formatted_print.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c index 856c94a22b..576b611e8a 100644 --- a/ext/standard/formatted_print.c +++ b/ext/standard/formatted_print.c @@ -371,7 +371,7 @@ php_sprintf_getnumber(char *buffer, int *pos) static zend_string * php_formatted_print(int param_count, int use_array, int format_offset TSRMLS_DC) { - zval *args, *z_format; + zval *args, *z_format, *newargs = NULL; int argc, size = 240, inpos = 0, outpos = 0, temppos; int alignment, currarg, adjusting, argnum, width, precision; char *format, padding; @@ -390,7 +390,7 @@ php_formatted_print(int param_count, int use_array, int format_offset TSRMLS_DC) if (use_array) { int i = 1; - zval *newargs, *zv; + zval *zv; zval array; z_format = &args[format_offset]; @@ -448,6 +448,9 @@ php_formatted_print(int param_count, int use_array, int format_offset TSRMLS_DC) if (argnum <= 0) { efree(result); + if (newargs) { + efree(newargs); + } php_error_docref(NULL TSRMLS_CC, E_WARNING, "Argument number must be greater than zero"); return NULL; } @@ -489,6 +492,9 @@ php_formatted_print(int param_count, int use_array, int format_offset TSRMLS_DC) if ((width = php_sprintf_getnumber(format, &inpos)) < 0) { efree(result); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Width must be greater than zero and less than %d", INT_MAX); + if (newargs) { + efree(newargs); + } return NULL; } adjusting |= ADJ_WIDTH; @@ -505,6 +511,9 @@ php_formatted_print(int param_count, int use_array, int format_offset TSRMLS_DC) if ((precision = php_sprintf_getnumber(format, &inpos)) < 0) { efree(result); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Precision must be greater than zero and less than %d", INT_MAX); + if (newargs) { + efree(newargs); + } return NULL; } adjusting |= ADJ_PRECISION; @@ -524,6 +533,9 @@ php_formatted_print(int param_count, int use_array, int format_offset TSRMLS_DC) if (argnum >= argc) { efree(result); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Too few arguments"); + if (newargs) { + efree(newargs); + } return NULL; } @@ -642,7 +654,11 @@ php_formatted_print(int param_count, int use_array, int format_offset TSRMLS_DC) inpos++; } } - + + if (newargs) { + efree(newargs); + } + /* possibly, we have to make sure we have room for the terminating null? */ result->val[outpos]=0; result->len = outpos; |