Hi 👋,
I came across a possible memory leak in msgpack.
I can reproduce the leak in php 8.2 and 8.3 and in msgpack 2.2.0, 3.0.0, and master.
<?php
$data = hex2bin('89716235369266a1b030656238313037383332393464363764');
$unserialized = msgpack_unserialize($data);
// var_dump($unserialized);
Output:
❯ sapi/cli/php msgpack-reproducer.php
Warning: [msgpack] (msgpack_unserialize_map_item) illegal key type in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
Warning: Array to string conversion in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
Warning: [msgpack] (php_msgpack_unserialize) Extra bytes in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
[Thu Oct 3 10:31:36 2024] Script: '/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php'
/home/mike/dev/phpfarm/src/php-8.3.11-debug/Zend/zend_string.h(174) : Freeing 0x0000749bd1203c40 (32 bytes), script=/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php
[Thu Oct 3 10:31:36 2024] Script: '/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php'
/home/mike/dev/phpfarm/src/php-8.3.11-debug/Zend/zend_hash.c(291) : Freeing 0x0000749bd125db40 (56 bytes), script=/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php
[Thu Oct 3 10:31:36 2024] Script: '/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php'
/home/mike/dev/phpfarm/src/php-8.3.11-debug/Zend/zend_hash.c(157) : Freeing 0x0000749bd1261180 (136 bytes), script=/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php
=== Total 3 memory leaks detected ===
Valgrind has more info:
$ USE_ZEND_ALLOC=0 valgrind sapi/cli/php --leak-check=full msgpack-reproducer.php
==620239== Command: sapi/cli/php msgpack-reproducer.php
==620239==
Warning: [msgpack] (msgpack_unserialize_map_item) illegal key type in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
Warning: Array to string conversion in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
Warning: [msgpack] (php_msgpack_unserialize) Extra bytes in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
==620239==
==620239== HEAP SUMMARY:
==620239== in use at exit: 224 bytes in 3 blocks
==620239== total heap usage: 31,171 allocs, 31,167 frees, 21,577,011 bytes allocated
==620239==
==620239== 224 (56 direct, 168 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 3
==620239== at 0x484977B: malloc (vg_replace_malloc.c:446)
==620239== by 0xD9BD5B: __zend_malloc (zend_alloc.c:3128)
==620239== by 0xD9A9B0: _malloc_custom (zend_alloc.c:2491)
==620239== by 0xD9AAEE: _emalloc (zend_alloc.c:2610)
==620239== by 0xDED989: _zend_new_array (zend_hash.c:291)
==620239== by 0x8CA788: msgpack_unserialize_array (msgpack_unpack.c:550)
==620239== by 0x8C39BA: msgpack_unserialize_execute (unpack_template.h:231)
==620239== by 0x8C4B9D: php_msgpack_unserialize (msgpack.c:252)
==620239== by 0x8C4F2D: zif_msgpack_unserialize (msgpack.c:318)
==620239== by 0xE18118: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1337)
==620239== by 0xE8DBD3: execute_ex (zend_vm_execute.h:57216)
==620239== by 0xE92419: zend_execute (zend_vm_execute.h:61604)
==620239==
==620239== LEAK SUMMARY:
==620239== definitely lost: 56 bytes in 1 blocks
==620239== indirectly lost: 168 bytes in 2 blocks
==620239== possibly lost: 0 bytes in 0 blocks
==620239== still reachable: 0 bytes in 0 blocks
==620239== suppressed: 0 bytes in 0 blocks
Version info:
PHP 8.3.11 (cli) (built: Sep 15 2024 18:27:47) (NTS DEBUG)
Copyright (c) The PHP Group
Zend Engine v4.3.11, Copyright (c) Zend Technologies
msgpack
MessagePack Support => enabled
Session Support => enabled
MessagePack APCu Serializer ABI => no
extension Version => 3.0.0
header Version => 3.2.0
Directive => Local Value => Master Value
msgpack.error_display => On => On
msgpack.php_only => On => On
msgpack.assoc => On => On
msgpack.illegal_key_insert => Off => Off
msgpack.use_str8_serialization => On => On
Let me know if you need any more information. I might try and track it down but I'm not very familiar with the internal working of the library 😄
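
Added example (not part of the original report and not the extension's code): a minimal MessagePack walker that decodes the reproducer bytes to show which map entry carries the non-scalar key and how many bytes trail the top-level value, which lines up with the "illegal key type" and "Extra bytes" warnings above. The names `decode` and `triage` are hypothetical, and only the four type ranges that occur in this payload are handled.

```python
# Added example: minimal MessagePack walker covering only the type bytes
# present in the reproducer (positive fixint, fixmap, fixarray, fixstr).
REPRODUCER = bytes.fromhex("89716235369266a1b030656238313037383332393464363764")

def decode(buf, pos=0):
    """Decode one value starting at buf[pos]; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated input at offset %d" % pos)
    tag = buf[pos]
    pos += 1
    if tag <= 0x7F:                       # positive fixint
        return tag, pos
    if 0x80 <= tag <= 0x8F:               # fixmap: low nibble = entry count
        entries = []
        for _ in range(tag & 0x0F):
            key, pos = decode(buf, pos)
            val, pos = decode(buf, pos)
            entries.append((key, val))    # pairs, since keys may be containers
        return ("map", entries), pos
    if 0x90 <= tag <= 0x9F:               # fixarray: low nibble = element count
        items = []
        for _ in range(tag & 0x0F):
            item, pos = decode(buf, pos)
            items.append(item)
        return ("array", items), pos
    if 0xA0 <= tag <= 0xBF:               # fixstr: low 5 bits = byte length
        n = tag & 0x1F
        if pos + n > len(buf):
            raise ValueError("truncated string at offset %d" % pos)
        return buf[pos:pos + n], pos + n
    raise ValueError("type byte 0x%02x not handled by this sketch" % tag)

def triage(buf):
    """Return ([(entry_index, key)] for container-typed keys, trailing byte count)."""
    value, end = decode(buf)
    bad = []
    if isinstance(value, tuple) and value[0] == "map":
        bad = [(i, k) for i, (k, _) in enumerate(value[1]) if isinstance(k, tuple)]
    return bad, len(buf) - end

if __name__ == "__main__":
    bad_keys, extra = triage(REPRODUCER)
    print("container-typed map keys:", bad_keys)
    print("trailing bytes after top-level value:", extra)
```

The only array in the payload is the key of the third map entry, and the Valgrind trace above shows the lost block being allocated in `msgpack_unserialize_array`.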