Skip to content

Fix memory leaks in ext-tidy #10545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Fix memory leaks in ext-tidy #10545

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
27006ed
Fix memory leaks in ext-tidy
Girgias Feb 8, 2023
ccc21ec
Use a sparse file
Girgias Feb 9, 2023
54b5d61
Test for 64bits only
Girgias Feb 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions ext/tidy/tests/parsing_file_too_large.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
--TEST--
Trying to parse a file that is too large (over 4GB)
--EXTENSIONS--
tidy
--SKIPIF--
<?php
if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platform only");
if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need this test? It causes issues in CI. We should at least disable it for ASAN/UBSAN/MSAN.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer to have such a test, but skiping it for ASAN/UBSAN/MSAN can make sense, as this what caught by ZMM anyway.

?>
--INI--
memory_limit="5G"
--FILE--
<?php

$path = __DIR__ . '/too_large_test.html';
$file = fopen($path, 'w+');

// Write over 4GB
const MIN_FILE_SIZE = 4_294_967_295;

var_dump(fseek($file, MIN_FILE_SIZE+10));
$s = str_repeat("a", 10);
$bytes_written = fwrite($file, $s);
if ($bytes_written === false) {
echo "Didn't write bytes\n";
}

$tidy = new tidy;
try {
var_dump($tidy->parseFile($path));
} catch (\Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}

try {
var_dump(tidy_parse_file($path));
} catch (\Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}

try {
$tidy = new tidy($path);
} catch (\Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}
?>
--CLEAN--
<?php
$path = __DIR__ . '/too_large_test.html';
unlink($path);
?>
--EXPECT--
int(0)
ValueError: Input string is too long
ValueError: Input string is too long
ValueError: Input string is too long
22 changes: 22 additions & 0 deletions ext/tidy/tests/parsing_inexistent_file.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
--TEST--
Trying to parse a non existent file
--EXTENSIONS--
tidy
--FILE--
<?php

$tidy = new tidy;
var_dump($tidy->parseFile("does_not_exist.html"));

var_dump(tidy_parse_file("does_not_exist.html"));

$tidy = new tidy("does_not_exist.html");
?>
--EXPECTF--
Warning: tidy::parseFile(): Cannot load "does_not_exist.html" into memory in %s on line %d
bool(false)

Warning: tidy_parse_file(): Cannot load "does_not_exist.html" into memory in %s on line %d
bool(false)

Warning: tidy::__construct(): Cannot load "does_not_exist.html" into memory in %s on line %d
9 changes: 6 additions & 3 deletions ext/tidy/tidy.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1059,19 +1059,20 @@ PHP_FUNCTION(tidy_parse_file)
Z_PARAM_BOOL(use_include_path)
ZEND_PARSE_PARAMETERS_END();

tidy_instanciate(tidy_ce_doc, return_value);
obj = Z_TIDY_P(return_value);

if (!(contents = php_tidy_file_to_mem(ZSTR_VAL(inputfile), use_include_path))) {
php_error_docref(NULL, E_WARNING, "Cannot load \"%s\" into memory%s", ZSTR_VAL(inputfile), (use_include_path) ? " (using include path)" : "");
RETURN_FALSE;
}

if (ZEND_SIZE_T_UINT_OVFL(ZSTR_LEN(contents))) {
zend_string_release_ex(contents, 0);
zend_value_error("Input string is too long");
RETURN_THROWS();
}

tidy_instanciate(tidy_ce_doc, return_value);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good but are you fixing just a bit more than memory leak here ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

never mind, just saw the rest of your commit message.

obj = Z_TIDY_P(return_value);

TIDY_APPLY_CONFIG(obj->ptdoc->doc, options_str, options_ht);

if (php_tidy_parse_string(obj, ZSTR_VAL(contents), (uint32_t)ZSTR_LEN(contents), enc) == FAILURE) {
Expand Down Expand Up @@ -1362,6 +1363,7 @@ PHP_METHOD(tidy, __construct)
}

if (ZEND_SIZE_T_UINT_OVFL(ZSTR_LEN(contents))) {
zend_string_release_ex(contents, 0);
zend_value_error("Input string is too long");
RETURN_THROWS();
}
Expand Down Expand Up @@ -1400,6 +1402,7 @@ PHP_METHOD(tidy, parseFile)
}

if (ZEND_SIZE_T_UINT_OVFL(ZSTR_LEN(contents))) {
zend_string_release_ex(contents, 0);
zend_value_error("Input string is too long");
RETURN_THROWS();
}
Expand Down