WordPress.org

Make WordPress Core

Opened 2 weeks ago

Last modified 12 days ago

#49700 reviewing defect (bug)

IXR_Message XML parsing leaks memory in PHP 7.0.0 and above

Reported by: procifer Owned by: SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version:
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

IXR_Message uses the xml_parser_free function after it has parsed an XML RPC response. However, as of PHP 7.0.0, it's also necessary to explicitly unset the reference to the parser to avoid memory leaks:
https://www.php.net/manual/en/function.xml-parser-free.php

I'm including a patch that adds an unset after the parser is freed, and also adds a xml_parser_free/unset pair before returning early when the parser fails.

I also see other uses of xml_parser_free in a quick search of the codebase, so might be good for someone with more knowledge than me to review those as well.

Attachments (1)

ixr_message_memory_leak_patch.diff (828 bytes) - added by procifer 2 weeks ago.

Download all attachments as: .zip

Change History (5)

#1 @procifer
2 weeks ago

  • Keywords has-patch added

#2 follow-up: @ayeshrajans
12 days ago

Hi @procifer - welcome to WordPress Trac. This indeed is a great find, and the patch looks good to me too.

#3 in reply to: ↑ 2 @procifer
12 days ago

Replying to ayeshrajans:

Hi @procifer - welcome to WordPress Trac. This indeed is a great find, and the patch looks good to me too.

Thank you so much @ayeshrajans !

#4 @SergeyBiryukov
12 days ago

  • Milestone changed from Awaiting Review to 5.5
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing
Note: See TracTickets for help on using tickets.