Merge branch 'PHP-8.3' into PHP-8.4

Girgias · Girgias · commit 47b262086a1f · 2024-12-15T22:13:54.000Z
* PHP-8.3:
  ext/pcntl: Fix memory leak in cleanup code of pcntl_exec()
diff --git a/NEWS b/NEWS
@@ -38,6 +38,10 @@ PHP                                                                        NEWS
 - Opcache:
   . opcache_get_configuration() properly reports jit_prof_threshold. (cmb)
 
+- PCNTL:
+  . Fix memory leak in cleanup code of pcntl_exec() when a non stringable
+    value is encountered past the first entry. (Girgias)
+
 - PgSql:
   . Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError
     Message when Called With 1 Argument). (nielsdos)
diff --git a/ext/pcntl/pcntl.c b/ext/pcntl/pcntl.c
@@ -678,7 +678,9 @@ PHP_FUNCTION(pcntl_exec)
 		envs_hash = Z_ARRVAL_P(envs);
 		envc = zend_hash_num_elements(envs_hash);
 
-		pair = envp = safe_emalloc((envc + 1), sizeof(char *), 0);
+		size_t envp_len = (envc + 1);
+		pair = envp = safe_emalloc(envp_len, sizeof(char *), 0);
+		memset(envp, 0, sizeof(char *) * envp_len);
 		ZEND_HASH_FOREACH_KEY_VAL(envs_hash, key_num, key, element) {
 			if (envi >= envc) break;
 			if (!key) {
@@ -689,9 +691,7 @@ PHP_FUNCTION(pcntl_exec)
 
 			if (!try_convert_to_string(element)) {
 				zend_string_release(key);
-				efree(argv);
-				efree(envp);
-				RETURN_THROWS();
+				goto cleanup_env_vars;
 			}
 
 			/* Length of element + equal sign + length of key + null */
@@ -714,6 +714,7 @@ PHP_FUNCTION(pcntl_exec)
 			php_error_docref(NULL, E_WARNING, "Error has occurred: (errno %d) %s", errno, strerror(errno));
 		}
 
+cleanup_env_vars:
 		/* Cleanup */
 		for (pair = envp; *pair != NULL; pair++) efree(*pair);
 		efree(envp);
diff --git a/ext/pcntl/tests/pcntl_exec_invalid_strings.phpt b/ext/pcntl/tests/pcntl_exec_invalid_strings.phpt
@@ -0,0 +1,25 @@
+--TEST--
+pcntl_exec(): Test cleanup after non-stringable array value has been encountered for $args and $env_vars.
+--EXTENSIONS--
+pcntl
+--FILE--
+<?php
+try {
+    pcntl_exec('cmd', ['-n', new stdClass()]);
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), "\n";
+}
+
+try {
+    pcntl_exec(
+        'cmd',
+        ['-n'],
+        ['var1' => 'value1', 'var2' => new stdClass()],
+    );
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Error: Object of class stdClass could not be converted to string
+Error: Object of class stdClass could not be converted to string
