Not checked realloc and malloc result can result in unclean crash #19200

@bukka

Description

This came from the PVS-Studio analyzer report, which reported those cases for realloc where the original pointer can be lost in this way:

```c
ZEND_API void zend_collect_module_handlers(void)
{
    ....
    module_request_startup_handlers = (zend_module_entry**)realloc(  // <=
        module_request_startup_handlers,
        sizeof(zend_module_entry*) *
        (startup_count + 1 +
         shutdown_count + 1 +
         post_deactivate_count + 1));
    ....
}
```

Message: V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'module_request_startup_handlers' is lost. Consider assigning realloc() to a temporary pointer.
Path: Zend/zend_API.c
Line: 2514

Other fragments flagged as V701:
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'zend_version_info' is lost. Consider assigning realloc() to a temporary pointer. zend.c 1299
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'module_request_startup_handlers' is lost. Consider assigning realloc() to a temporary pointer. zend_API.c 2514
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'modules_dl_loaded' is lost. Consider assigning realloc() to a temporary pointer. zend_API.c 2526
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'class_cleanup_handlers' is lost. Consider assigning realloc() to a temporary pointer. zend_API.c 2553
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'zend_flf_handlers' is lost. Consider assigning realloc() to a temporary pointer. zend_API.c 3086
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'zend_flf_functions' is lost. Consider assigning realloc() to a temporary pointer. zend_API.c 3087
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p' is lost. Consider assigning realloc() to a temporary pointer. zend_alloc.c 3299
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'ce->interfaces' is lost. Consider assigning realloc() to a temporary pointer. zend_inheritance.c 1576
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'ce->interfaces' is lost. Consider assigning realloc() to a temporary pointer. zend_inheritance.c 2194
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'q->set' is lost. Consider assigning realloc() to a temporary pointer. ir_private.h 593
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'strtab->buf' is lost. Consider assigning realloc() to a temporary pointer. ir_strtab.c 81
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'blacklist->entries' is lost. Consider assigning realloc() to a temporary pointer. zend_accelerator_blacklist.c 236
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer '* tmphstbuf' is lost. Consider assigning realloc() to a temporary pointer. network.c 1296
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'php_ini_scanned_files' is lost. Consider assigning realloc() to a temporary pointer. php_ini.c 702
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'b->value' is lost. Consider assigning realloc() to a temporary pointer. php_ini_builder.h 65
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'zend_extensions' is lost. Consider assigning realloc() to a temporary pointer. phpdbg.c 1216
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'state->code' is lost. Consider assigning realloc() to a temporary pointer. phpdbg_prompt.c 245

We have got many more places with malloc where the result is not checked.

The easiest solution would be to use perealloc and pemalloc, which should exit cleanly on allocation failure.

It's somewhere between a bug and an improvement, but treating it as a bug would reduce the conflicts for future fixes, and the risk of this replacement should be quite minimal.
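As an added illustration (not code from this issue or from php-src), here is the flagged pattern next to the temporary-pointer fix the report recommends, on a constructed growable handler array; `checked_realloc` and `fail_next_realloc` are assumed test hooks so the failure path can be exercised:

```c
#include <stdlib.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a growable array such as module_request_startup_handlers. */
typedef void (*handler_t)(void);

struct handler_list {
    handler_t *items;
    size_t     count;
    size_t     cap;
};

/* Assumed test hook (not a PHP API): when nonzero, the next realloc() returns NULL. */
int fail_next_realloc = 0;

static void *checked_realloc(void *p, size_t n)
{
    if (fail_next_realloc) { fail_next_realloc = 0; return NULL; }
    return realloc(p, n);
}

/* The V701 pattern: the result is assigned straight back to the only pointer
 * to the block, so on failure the old buffer becomes unreachable (leaked). */
int grow_unsafe(struct handler_list *l, size_t extra)
{
    l->items = (handler_t *)checked_realloc(l->items, (l->cap + extra) * sizeof *l->items);
    if (!l->items) return -1;   /* too late: the previous buffer is already lost */
    l->cap += extra;
    return 0;
}

/* The fix the report suggests: realloc() into a temporary and only commit on success,
 * so the caller still owns a valid l->items after a failure. */
int grow_safe(struct handler_list *l, size_t extra)
{
    size_t new_cap = l->cap + extra;
    if (new_cap < l->cap || new_cap > SIZE_MAX / sizeof *l->items) return -1; /* size overflow */
    handler_t *tmp = (handler_t *)checked_realloc(l->items, new_cap * sizeof *l->items);
    if (!tmp) return -1;        /* l->items unchanged and still valid */
    l->items = tmp;
    l->cap = new_cap;
    return 0;
}
```

In php-src the persistent-allocation wrappers turn the NULL into a fatal error instead, which is why the issue proposes them; the temporary-pointer form is the fix when the caller must keep running.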

PHP Version

PHP 8.3

Operating System

No response
