Try to write an internal function in the PHP extension, the results reported memory leak, looking for a long time did not find the reason

Question

Recently, I read a book about PHP extensions and are ready to write a function, the function prototype is as follows:

array_groupBy(string $key, array $input, $forget = false):array

The function of this function is to group the $input in accordance with the $key corresponding to the value of the group,$forget indicates whether the array after the group needs to delete $key, $clourse is a callable type, and if exists, the value corresponding to $key will be passed to the closure Inside the function, the closure function returns the new string as the key of the new array, like this:

and output:

and source code

PHP_FUNCTION(array_groupBy){

    zend_string *key;
    zval *input, *val, *key_zval;
    zval group_zval, copy, retval, copy_key_zval;
    zend_bool forget = 0, have_callback = 0;
    HashTable *ht;
    zend_fcall_info fcall_info = empty_fcall_info;
    zend_fcall_info_cache fcall_info_cache = empty_fcall_info_cache;
    int ret;

    ZEND_PARSE_PARAMETERS_START(2, 4)
        Z_PARAM_STR(key)
        Z_PARAM_ARRAY(input)
        Z_PARAM_OPTIONAL
        Z_PARAM_BOOL(forget)
        Z_PARAM_FUNC(fcall_info, fcall_info_cache)
    ZEND_PARSE_PARAMETERS_END();

    if(ZEND_NUM_ARGS() > 3){
        have_callback = 1;
    }

    ht = (HashTable *)emalloc(sizeof(HashTable));
    zend_hash_init(ht, 0, NULL, ZVAL_PTR_DTOR, 0);

    ZEND_HASH_FOREACH_VAL(Z_ARR_P(input), val){

        ZVAL_COPY(&copy, val);

        key_zval = zend_symtable_find(Z_ARR_P(val), key);
        if(have_callback){
            ZVAL_COPY(&copy_key_zval, key_zval);
            fcall_info.retval = &retval;
            fcall_info.params = &copy_key_zval;
            fcall_info.no_separation = 0;
            fcall_info.param_count = 1;
            ret = zend_call_function(&fcall_info, &fcall_info_cache);
            zval_ptr_dtor(&copy_key_zval);
            if(ret != SUCCESS || Z_TYPE(retval) == IS_UNDEF){
                zend_array_destroy(ht);
                RETURN_NULL();
            }
            ZVAL_STR(&copy_key_zval, Z_STR(retval));
        }else{
            ZVAL_STR(&copy_key_zval, zend_string_dup(Z_STR_P(key_zval), 0));
        }
        convert_to_string(&copy_key_zval);
        //GC_REFCOUNT(Z_STR(copy_key_zval)--;

        if(zend_hash_exists(ht, Z_STR(copy_key_zval))){
            group_zval = *zend_hash_find(ht, Z_STR(copy_key_zval));
        }else{
            array_init(&group_zval);
            zend_hash_add_new(ht, Z_STR(copy_key_zval), &group_zval);
        }

        if(forget){
            SEPARATE_ARRAY(&copy);
            zend_symtable_del(Z_ARR(copy), key);
        }
        add_next_index_zval(&group_zval, &copy);

    }ZEND_HASH_FOREACH_END();

    RETURN_ARR(ht);
}

The result is correct, but report "total 3 memory leak detected", When i open GC_REFCOUNT(Z_STR(copy_key_zval))--, report "total 1 memory leak detected". Because I do not know how to debug the above code, leading me to find a long time can not find the reason, someone can help me?

php_version PHP 7.2.0-dev (cli) (built: Mar 31 2017 10:47:40) ( NTS DEBUG ) Copyright (c) 1997-2017 The PHP Group Zend Engine v3.2.0-dev, Copyright (c) 1998-2017 Zend Technologies

Answer 1

You aren't releasing the string in copy_key_zval after adding it to the array. When it's initially created it'll have a refcount of 1, and when it's added to the array it'll have a refcount of 2; PHP assumes your function is hanging onto it until you tell it otherwise. You need to release its content with zval_ptr_dtor() after it's been used.

Likewise, you aren't releasing the array in copy after separating it.