Fix memory leak in tidy_repair_file()

nielsdos · nielsdos · commit fe196d47377a · 2024-07-07T21:56:56.000+02:00
When dealing with a file, we must free the contents if the function
fails. While here, also fix the error message because previously it
sounded like the filename was too long while in fact the file itself
is too large.
diff --git a/ext/tidy/tests/parsing_file_too_large.phpt b/ext/tidy/tests/parsing_file_too_large.phpt
@@ -47,6 +47,12 @@ try {
 } catch (\Throwable $e) {
     echo $e::class, ': ', $e->getMessage(), PHP_EOL;
 }
+
+try {
+    tidy_repair_file($path);
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
 ?>
 --CLEAN--
 <?php
@@ -58,3 +64,4 @@ int(0)
 ValueError: Input string is too long
 ValueError: Input string is too long
 ValueError: Input string is too long
+ValueError: tidy_repair_file(): Argument #1 ($filename) Input string is too long
diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c
@@ -304,7 +304,12 @@ static void php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, bool is_file)
 	}
 
 	if (ZEND_SIZE_T_UINT_OVFL(ZSTR_LEN(data))) {
-		zend_argument_value_error(1, "is too long");
+		if (is_file) {
+			zend_string_release_ex(data, false);
+			zend_argument_value_error(1, "Input string is too long");
+		} else {
+			zend_argument_value_error(1, "is too long");
+		}
 		RETURN_THROWS();
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -304,7 +304,12 @@ static void php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, bool is_file)`
`304`	`304`	`}`
`305`	`305`
`306`	`306`	`if (ZEND_SIZE_T_UINT_OVFL(ZSTR_LEN(data))) {`
`307`		`- zend_argument_value_error(1, "is too long");`
	`307`	`+ if (is_file) {`
	`308`	`+ zend_string_release_ex(data, false);`
	`309`	`+ zend_argument_value_error(1, "Input string is too long");`
	`310`	`+ } else {`
	`311`	`+ zend_argument_value_error(1, "is too long");`
	`312`	`+ }`
`308`	`313`	`RETURN_THROWS();`
`309`	`314`	`}`
`310`	`315`