
Possible memory leak in `php_msgpack_unserialize`

Open michael-grunder opened this issue 1 year ago • 0 comments

Hi :wave:,

I came across a possible memory leak in msgpack.

I can reproduce the leak in php 8.2 and 8.3 and in msgpack 2.2.0, 3.0.0, and master.

<?php
$data = hex2bin('89716235369266a1b030656238313037383332393464363764');
$unserialized = msgpack_unserialize($data);
// var_dump($unserialized);

Output:

❯ sapi/cli/php msgpack-reproducer.php

Warning: [msgpack] (msgpack_unserialize_map_item) illegal key type in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5

Warning: Array to string conversion in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5

Warning: [msgpack] (php_msgpack_unserialize) Extra bytes in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
[Thu Oct  3 10:31:36 2024]  Script:  '/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php'
/home/mike/dev/phpfarm/src/php-8.3.11-debug/Zend/zend_string.h(174) :  Freeing 0x0000749bd1203c40 (32 bytes), script=/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php
[Thu Oct  3 10:31:36 2024]  Script:  '/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php'
/home/mike/dev/phpfarm/src/php-8.3.11-debug/Zend/zend_hash.c(291) :  Freeing 0x0000749bd125db40 (56 bytes), script=/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php
[Thu Oct  3 10:31:36 2024]  Script:  '/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php'
/home/mike/dev/phpfarm/src/php-8.3.11-debug/Zend/zend_hash.c(157) :  Freeing 0x0000749bd1261180 (136 bytes), script=/home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php
=== Total 3 memory leaks detected ===

Valgrind has more info:

$ USE_ZEND_ALLOC=0 valgrind sapi/cli/php --leak-check=full msgpack-reproducer.php
==620239== Command: sapi/cli/php msgpack-reproducer.php
==620239==

Warning: [msgpack] (msgpack_unserialize_map_item) illegal key type in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5

Warning: Array to string conversion in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5

Warning: [msgpack] (php_msgpack_unserialize) Extra bytes in /home/mike/dev/phpfarm/src/php-8.3.11-debug/msgpack-reproducer.php on line 5
==620239==
==620239== HEAP SUMMARY:
==620239==     in use at exit: 224 bytes in 3 blocks
==620239==   total heap usage: 31,171 allocs, 31,167 frees, 21,577,011 bytes allocated
==620239==
==620239== 224 (56 direct, 168 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 3
==620239==    at 0x484977B: malloc (vg_replace_malloc.c:446)
==620239==    by 0xD9BD5B: __zend_malloc (zend_alloc.c:3128)
==620239==    by 0xD9A9B0: _malloc_custom (zend_alloc.c:2491)
==620239==    by 0xD9AAEE: _emalloc (zend_alloc.c:2610)
==620239==    by 0xDED989: _zend_new_array (zend_hash.c:291)
==620239==    by 0x8CA788: msgpack_unserialize_array (msgpack_unpack.c:550)
==620239==    by 0x8C39BA: msgpack_unserialize_execute (unpack_template.h:231)
==620239==    by 0x8C4B9D: php_msgpack_unserialize (msgpack.c:252)
==620239==    by 0x8C4F2D: zif_msgpack_unserialize (msgpack.c:318)
==620239==    by 0xE18118: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1337)
==620239==    by 0xE8DBD3: execute_ex (zend_vm_execute.h:57216)
==620239==    by 0xE92419: zend_execute (zend_vm_execute.h:61604)
==620239==
==620239== LEAK SUMMARY:
==620239==    definitely lost: 56 bytes in 1 blocks
==620239==    indirectly lost: 168 bytes in 2 blocks
==620239==      possibly lost: 0 bytes in 0 blocks
==620239==    still reachable: 0 bytes in 0 blocks
==620239==         suppressed: 0 bytes in 0 blocks

Version info:

PHP 8.3.11 (cli) (built: Sep 15 2024 18:27:47) (NTS DEBUG)
Copyright (c) The PHP Group
Zend Engine v4.3.11, Copyright (c) Zend Technologies

msgpack

MessagePack Support => enabled
Session Support => enabled
MessagePack APCu Serializer ABI => no
extension Version => 3.0.0
header Version => 3.2.0

Directive => Local Value => Master Value
msgpack.error_display => On => On
msgpack.php_only => On => On
msgpack.assoc => On => On
msgpack.illegal_key_insert => Off => Off
msgpack.use_str8_serialization => On => On

Let me know if you need any more information. I might try and track it down, but I'm not very familiar with the internal workings of the library :smile:

michael-grunder, Oct 03 '24 17:10
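As an added illustration (not part of the issue above or of msgpack-php), the following Python walker decodes the reproducer bytes and reports the two conditions the warnings name: a container (array) used as a map key, and bytes left over after the root value. It handles only the MessagePack type tags that occur in this payload; `MsgMap` and `analyse` are names chosen here, not library API.

```python
# Minimal MessagePack walker for the reproducer payload from the issue.
# Covers positive fixint, fixstr, fixarray and fixmap only; any other tag raises.

PAYLOAD = bytes.fromhex('89716235369266a1b030656238313037383332393464363764')


class MsgMap(list):
    """A decoded map, kept as a list of (key, value) pairs because a key
    may itself be a container, which is not hashable (and is exactly the
    'illegal key type' the extension warns about)."""


def decode(buf, pos=0):
    """Decode one value starting at pos; return (value, position after it)."""
    tag = buf[pos]
    pos += 1
    if tag <= 0x7F:                         # positive fixint: the tag is the value
        return tag, pos
    if 0xA0 <= tag <= 0xBF:                 # fixstr: length in the low 5 bits
        n = tag & 0x1F
        return bytes(buf[pos:pos + n]), pos + n
    if 0x90 <= tag <= 0x9F:                 # fixarray: element count in low 4 bits
        items = []
        for _ in range(tag & 0x0F):
            item, pos = decode(buf, pos)
            items.append(item)
        return items, pos
    if 0x80 <= tag <= 0x8F:                 # fixmap: pair count in low 4 bits
        pairs = MsgMap()
        for _ in range(tag & 0x0F):
            key, pos = decode(buf, pos)     # key may be a container: illegal in PHP
            val, pos = decode(buf, pos)
            pairs.append((key, val))
        return pairs, pos
    raise ValueError(f'unsupported tag 0x{tag:02x} at offset {pos - 1}')


def analyse(buf):
    """Decode the root value and summarise what a strict consumer must reject:
    container keys (array or map) and trailing bytes after the root value."""
    root, end = decode(buf)
    illegal = [k for k, _ in root if isinstance(k, list)] if isinstance(root, MsgMap) else []
    return {'root': root, 'illegal_keys': illegal, 'extra_bytes': bytes(buf[end:])}


if __name__ == '__main__':
    result = analyse(PAYLOAD)
    print(f"{len(result['root'])} pairs, illegal keys: {result['illegal_keys']}, "
          f"extra bytes: {result['extra_bytes']!r}")
```

Running it shows the third pair's key is the array `[102, b'\xb0']` and that three bytes (`b'67d'`) follow the 9-entry map, matching the two `[msgpack]` warnings in the report.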