ID:               45405
 User updated by:  Federico Cuello <fedux at lugmen dot org dot ar>
 Reported By:      Federico Cuello <fedux at lugmen dot org dot ar>
 Status:           Open
 Bug Type:         SNMP related
 Operating System: Linux
 PHP Version:      5.2.6
 New Comment:

Leak fix patch:

--- ext/snmp/snmp.c.orig        2008-07-01 11:21:10.000000000 -0300
+++ ext/snmp/snmp.c     2008-07-01 11:21:18.000000000 -0300
@@ -417,13 +417,13 @@
        while (keepwalking) {
                keepwalking = 0;
                if ((st == SNMP_CMD_GET) || (st == SNMP_CMD_GETNEXT))
{
-                       pdu = snmp_pdu_create((st == SNMP_CMD_GET) ?
SNMP_MSG_GET : SNMP_MSG_GETNEXT);
                        name_length = MAX_OID_LEN;
                        if (!snmp_parse_oid(objid, name, &name_length))
{
                                php_error_docref(NULL TSRMLS_CC,
E_WARNING, "Invalid object identifier: %s", objid);
                                snmp_close(ss);
                                RETURN_FALSE;
                        }
+                       pdu = snmp_pdu_create((st == SNMP_CMD_GET) ?
SNMP_MSG_GET : SNMP_MSG_GETNEXT);
                        snmp_add_null_var(pdu, name, name_length);
                } else if (st == SNMP_CMD_SET) {
                        pdu = snmp_pdu_create(SNMP_MSG_SET);
@@ -434,6 +434,7 @@
                                sprint_objid(buf, name, name_length);
 #endif
                                php_error_docref(NULL TSRMLS_CC,
E_WARNING, "Could not add variable: %s %c %s", buf, type, value);
+                               snmp_free_pdu(pdu);
                                snmp_close(ss);
                                RETURN_FALSE;
                        }
@@ -455,6 +456,7 @@
                                for (vars = response->variables; vars;
vars = vars->next_variable) {
                                        if (st >= SNMP_CMD_WALK && st
!= SNMP_CMD_SET &&
                                                (vars->name_length <
rootlen || memcmp(root, vars->name, rootlen * sizeof(oid)))) {
+                                              
snmp_free_pdu(response);
                                                continue;       /* not
part of this subtree */
                                        }

@@ -467,11 +469,13 @@
                                                *return_value =
*snmpval;
                                               
zval_copy_ctor(return_value);
                                               
zval_ptr_dtor(&snmpval);
+                                              
snmp_free_pdu(response);
                                                snmp_close(ss);
                                                return;
                                        } else if (st ==
SNMP_CMD_GETNEXT) {
                                                *return_value =
*snmpval;
                                               
zval_copy_ctor(return_value);
+                                              
snmp_free_pdu(response);
                                                snmp_close(ss);
                                                return;
                                        } else if (st == SNMP_CMD_WALK)
{
@@ -510,23 +514,28 @@
                                        }
                                        if (st == SNMP_CMD_GET) {
                                                if ((pdu =
snmp_fix_pdu(response, SNMP_MSG_GET)) != NULL) {
+                                                      
snmp_free_pdu(response);
                                                        goto retry;
                                                }
                                        } else if (st == SNMP_CMD_SET)
{
                                                if ((pdu =
snmp_fix_pdu(response, SNMP_MSG_SET)) != NULL) {
+                                                      
snmp_free_pdu(response);
                                                        goto retry;
                                                }
                                        } else if (st ==
SNMP_CMD_GETNEXT) {
                                                if ((pdu =
snmp_fix_pdu(response, SNMP_MSG_GETNEXT)) != NULL) {
+                                                      
snmp_free_pdu(response);
                                                        goto retry;
                                                }
                                        } else if (st >= SNMP_CMD_WALK)
{ /* Here we do walks. */
                                                if ((pdu =
snmp_fix_pdu(response, ((session->version == SNMP_VERSION_1)
                                                                       
        ? SNMP_MSG_GETNEXT
                                                                       
        : SNMP_MSG_GETBULK))) != NULL) {
+                                                      
snmp_free_pdu(response);
                                                        goto retry;
                                                }
                                        }
+                                       snmp_free_pdu(response);
                                        snmp_close(ss);
                                        if (st == SNMP_CMD_WALK || st
== SNMP_CMD_REALWALK) {
                                               
zval_dtor(return_value);


Previous Comments:
------------------------------------------------------------------------

[2008-07-01 14:52:40] Federico Cuello <fedux at lugmen dot org dot ar>

Description:
------------
The snmp extension leaks memory.

Reproduce code:
---------------
<?php
while(1) {
   $oid = "HOST-RESOURCES-MIB::hrSystemUptime.0";
   $data = snmpget('localhost', 'public' , $oid);
   print "\n";
   var_export($data);
}
?>

Expected result:
----------------
Memory use should not increment continuously.

Actual result:
--------------
Memory use increases.

Valgrind output:

==21733== 2,280 (432 direct, 1,848 indirect) bytes in 3 blocks are
definitely lost in loss record 64 of 67
==21733==    at 0x4022998: malloc (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==21733==    by 0x45F01A3: _clone_pdu_header (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x45F0374: _clone_pdu (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x45F0595: snmp_synch_input (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x4617F0B: _sess_process_packet (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x461A2DD: _sess_read (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x461B1F8: snmp_sess_read (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x461B25B: snmp_read (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x45EF7C1: snmp_synch_response_cb (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x45EF8A4: snmp_synch_response (in
/usr/lib/libnetsnmp.so.15.0.0)
==21733==    by 0x818BBAA: php_snmp_internal (in
/usr/lib/php5/bin/php)
==21733==    by 0x818D910: php_snmp (in /usr/lib/php5/bin/php)
==21733==    by 0x82CDC17: zend_do_fcall_common_helper_SPEC (in
/usr/lib/php5/bin/php)
==21733==    by 0x82CCA2B: execute (in /usr/lib/php5/bin/php)
==21733==    by 0x82ABE0B: zend_execute_scripts (in
/usr/lib/php5/bin/php)
==21733==    by 0x8264941: php_execute_script (in
/usr/lib/php5/bin/php)
==21733==    by 0x83397C2: main (in /usr/lib/php5/bin/php) 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=45405&edit=1

Reply via email to