Fix memory leak of function attribute hash table (#8070)

    ==109253== 280 (56 direct, 224 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
    ==109253==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==109253==    by 0x6D9FA2: __zend_malloc (zend_alloc.c:3068)
    ==109253==    by 0x745138: zend_add_attribute (zend_attributes.c:226)
    ==109253==    by 0x6680D1: zend_add_parameter_attribute (zend_attributes.h:102)
    ==109253==    by 0x66B787: zm_startup_zend_test (test.c:478)
    ==109253==    by 0x7224CD: zend_startup_module_ex (zend_API.c:2202)
    ==109253==    by 0x72252C: zend_startup_module_zval (zend_API.c:2217)
    ==109253==    by 0x734288: zend_hash_apply (zend_hash.c:2011)
    ==109253==    by 0x722C30: zend_startup_modules (zend_API.c:2328)
    ==109253==    by 0x67409B: php_module_startup (main.c:2256)
    ==109253==    by 0x88EDDE: php_cli_startup (php_cli.c:409)
    ==109253==    by 0x890F61: main (php_cli.c:1334)

Author: TimWolla

NEWS

@@ -4,6 +4,8 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed freeing of internal attribute arguments. (Bob)
+  . Fixed bug GH-8070 (memory leak of internal function attribute hash).
+    (Tim Düsterhus)
 
 - Intl:
   . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)

Zend/zend.c

@@ -624,6 +624,22 @@ static void function_copy_ctor(zval *zv) /* {{{ */
 		}
 		func->common.arg_info = new_arg_info + 1;
 	}
+	if (old_func->common.attributes) {
+		zend_attribute *old_attr;
+
+		func->common.attributes = NULL;
+
+		ZEND_HASH_PACKED_FOREACH_PTR(old_func->common.attributes, old_attr) {
+			uint32_t i;
+			zend_attribute *attr;
+
+			attr = zend_add_attribute(&func->common.attributes, old_attr->name, old_attr->argc, old_attr->flags, old_attr->offset, old_attr->lineno);
+
+			for (i = 0 ; i < old_attr->argc; i++) {
+				ZVAL_DUP(&attr->args[i].value, &old_attr->args[i].value);
+			}
+		} ZEND_HASH_FOREACH_END();
+	}
 }
 /* }}} */
 

Zend/zend_opcode.c

@@ -153,6 +153,11 @@ ZEND_API void zend_function_dtor(zval *zv)
 		/* For methods this will be called explicitly. */
 		if (!function->common.scope) {
 			zend_free_internal_arg_info(&function->internal_function);
+
+			if (function->common.attributes) {
+				zend_hash_release(function->common.attributes);
+				function->common.attributes = NULL;
+			}
 		}
 
 		if (!(function->common.fn_flags & ZEND_ACC_ARENA_ALLOCATED)) {
@@ -394,11 +399,17 @@ ZEND_API void destroy_zend_class(zval *zv)
 			zend_hash_destroy(&ce->properties_info);
 			zend_string_release_ex(ce->name, 1);
 
-			/* TODO: eliminate this loop for classes without functions with arg_info */
+			/* TODO: eliminate this loop for classes without functions with arg_info / attributes */
 			ZEND_HASH_FOREACH_PTR(&ce->function_table, fn) {
-				if ((fn->common.fn_flags & (ZEND_ACC_HAS_RETURN_TYPE|ZEND_ACC_HAS_TYPE_HINTS)) &&
-				    fn->common.scope == ce) {
-					zend_free_internal_arg_info(&fn->internal_function);
+				if (fn->common.scope == ce) {
+					if (fn->common.fn_flags & (ZEND_ACC_HAS_RETURN_TYPE|ZEND_ACC_HAS_TYPE_HINTS)) {
+						zend_free_internal_arg_info(&fn->internal_function);
+					}
+
+					if (fn->common.attributes) {
+						zend_hash_release(fn->common.attributes);
+						fn->common.attributes = NULL;
+					}
 				}
 			} ZEND_HASH_FOREACH_END();