WordPress.org

Make WordPress Core

Opened 5 months ago

Closed 5 weeks ago

#49700 closed defect (bug) (fixed)

IXR_Message XML parsing leaks memory in PHP 7.0.0 and above

Reported by: procifer Owned by: SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version:
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

IXR_Message uses the xml_parser_free function after it has parsed an XML RPC response. However, as of PHP 7.0.0, it's also necessary to explicitly unset the reference to the parser to avoid memory leaks:
https://www.php.net/manual/en/function.xml-parser-free.php

I'm including a patch that adds an unset after the parser is freed, and also adds a xml_parser_free/unset pair before returning early when the parser fails.

I also see other uses of xml_parser_free in a quick search of the codebase, so might be good for someone with more knowledge than me to review those as well.

Attachments (1)

ixr_message_memory_leak_patch.diff (828 bytes) - added by procifer 5 months ago.

Download all attachments as: .zip

Change History (6)

#1 @procifer
5 months ago

  • Keywords has-patch added

#2 follow-up: @ayeshrajans
4 months ago

Hi @procifer - welcome to WordPress Trac. This indeed is a great find, and the patch looks good to me too.

#3 in reply to: ↑ 2 @procifer
4 months ago

Replying to ayeshrajans:

Hi @procifer - welcome to WordPress Trac. This indeed is a great find, and the patch looks good to me too.

Thank you so much @ayeshrajans !

#4 @SergeyBiryukov
4 months ago

  • Milestone changed from Awaiting Review to 5.5
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#5 @SergeyBiryukov
5 weeks ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 48322:

XML-RPC: Explicitly unset the reference to the parser resource after calling xml_parser_free() to avoid memory leaks in PHP 7.0.0 or higher.

Props procifer, ayeshrajans.
Fixes #49700.

Note: See TracTickets for help on using tickets.