As far as I know, no function that recognizes magic_quotes_runtime
is supposed to change a parameter's value.

The following script should output "good" for magic_quotes_runtime being
set 'off' as well as for 'On'. But the fwrite() function changes the input string
even though the input is not a reference, as you can see by looking at the
prototype: int fwrite ( int fp, string string [, int length])

I checked the code and it also produces a memory leak since it creates
a copy of the parameter's value but neither frees it nor restores the
original output.

As this behaviour is neither documented nor a default behavior I will apply
a patch soon after I have looked for more functions having this problem...

The test script:
<?php
ini_set('magic_quotes_runtime',0);
         $input = "2003-5-12";
         $output = preg_replace_callback("/(19|20)(\d{2})-(\d{1,2})-(\d{1,2})/", 'preg_callback', $input);
         if ($fp = @fopen('short.out', 'w')) {

                 @fwrite($fp, $output); // THIS CALL CAUSES THE MEMORY LEAK AND SCRIPT FAILURE

                 @fclose($fp);
         }
         echo $output=="5\/12\/2003\n" ? "good\n" : "fail\n";

         function preg_callback($string) {
                 return "${string[3]}\/${string[4]}\/${string[1]}${string[2]}\n";
         }
?>

The Diff:

cvs -z3 -q diff ext\standard\file.c (in directory S:\php4\)
Index: ext/standard/file.c
===================================================================
RCS file: /repository/php4/ext/standard/file.c,v
retrieving revision 1.249
diff -u -r1.249 file.c
--- ext/standard/file.c 25 Aug 2002 18:21:40 -0000      1.249
+++ ext/standard/file.c 26 Aug 2002 13:14:17 -0000
@@ -1320,6 +1320,7 @@
         int ret, type;
         int num_bytes;
         void *what;
+       char *buffer = NULL;

         switch (ZEND_NUM_ARGS()) {
         case 2:
@@ -1347,11 +1348,14 @@
         ZEND_VERIFY_RESOURCE(what);

         if (!arg3 && PG(magic_quotes_runtime)) {
-               zval_copy_ctor(*arg2);
-               php_stripslashes(Z_STRVAL_PP(arg2), &num_bytes TSRMLS_CC);
+               buffer = estrndup(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2));
+               php_stripslashes(buffer, &num_bytes TSRMLS_CC);
         }

-       ret = php_stream_write((php_stream *) what, Z_STRVAL_PP(arg2), 
num_bytes);
+       ret = php_stream_write((php_stream *) what, buffer ? buffer : 
Z_STRVAL_PP(arg2), num_bytes);
+       if (buffer) {
+               efree(buffer);
+       }

         RETURN_LONG(ret);
  }
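
Review bot: php_stripslashes() is still handed &num_bytes while the new copy is sized from Z_STRLEN_PP(arg2), so inside the `if (!arg3 && PG(magic_quotes_runtime))` branch the length later passed to php_stream_write() is only correct if num_bytes already equals Z_STRLEN_PP(arg2) at that point. That assignment is not in the visible context, so please confirm it, or set num_bytes explicitly next to the estrndup() call so the copy, the strip and the write all agree on one length. A regression test built from the script above, run with magic_quotes_runtime both off and on, would also stop fwrite() from modifying its argument again unnoticed.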


To Sebastion: This reproduces the memory leak I already mentioned to you...

regards
marcus



--------->>> mailto:[EMAIL PROTECTED] <<<------------
         I don't want to start any blasphemous rumours
         but i think that god's got a sick sense of humor
         and when i die i expect to find him laughing.
                                              Depeche Mode
--------------->>> http://www.marcus-boerger.de <<<-------------------
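
The side effect described in the message, as an added stand-alone C example that is not part of the original mail or of the PHP source: stripping in place changes the caller's string, while stripping a private copy and freeing it does not. `strip_slashes()` and `sink_write()` are simplified, hypothetical stand-ins for php_stripslashes() and php_stream_write(), and the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for php_stripslashes(): rewrites s in place, updates *len. */
static void strip_slashes(char *s, size_t *len) {
    size_t r = 0, w = 0;
    while (r < *len) {
        if (s[r] == '\\' && r + 1 < *len)
            r++;                         /* drop the escaping backslash */
        s[w++] = s[r++];
    }
    s[w] = '\0';
    *len = w;
}

/* Hypothetical sink standing in for php_stream_write(). */
static size_t sink_write(char *sink, const char *data, size_t len) {
    memcpy(sink, data, len);
    sink[len] = '\0';
    return len;
}

/* Pre-patch pattern: strips the caller's own buffer, so the caller sees the change. */
size_t write_in_place(char *sink, char *arg) {
    size_t n = strlen(arg);
    strip_slashes(arg, &n);
    return sink_write(sink, arg, n);
}

/* Patched pattern: strip a private copy, write it, then free it. */
size_t write_from_copy(char *sink, const char *arg) {
    size_t n = strlen(arg), ret;
    char *buffer = malloc(n + 1);
    if (!buffer)
        return 0;
    memcpy(buffer, arg, n + 1);
    strip_slashes(buffer, &n);
    ret = sink_write(sink, buffer, n);
    free(buffer);                        /* no leak: the copy never outlives the call */
    return ret;
}

int main(void) {
    /* Constructed input matching the test script's expected $output. */
    char sink[32], a[] = "5\\/12\\/2003\n", b[] = "5\\/12\\/2003\n";
    write_in_place(sink, a);
    write_from_copy(sink, b);
    printf("after in-place write: %safter copy write: %s", a, b);
}
```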
