ImportExport problem with new destructor of Varien_Image_Adapter_Gd2 in 1.9.2.0

That looks like they tried to make sure to destroy the image resource, but instead introduced a memory leak. I cannot think of a valid reason for this code, to be honest, but I can explain what has been changed:

Originally, imagedestroy() would have been called in the desctructor __destruct()

function __destruct()
{
    @imagedestroy($this->_imageHandler);
}

The destructor is called whenever the PHP garbage collector destroys unused objects (i.e. objects in memory that are not referenced anymore).

Now, imagedestroy() is instead called in a shutdown function and since this is a callback to a method of the Varien_Image_Adapter_Gd2 object, it cannot even be garbage collected until the very end. This way all image resources stay open until script execution finishes.


Having the same problems with my Magento 1.9.2.0...

I only get this to work by changing Varien_Image_Adapter_Gd2 in /lib/Varien/Image/Adapter/Gd2.php as follows:

public function __construct()
{
    // Initialize shutdown function
    // register_shutdown_function(array($this, 'destruct'));
}

/**
 * Destroy object image on shutdown
 */
public function __destruct()
{
    @imagedestroy($this->_imageHandler);
}
  • remove line with register_shutdown_function (or comment out)
  • change function name destruct to __destruct

I have set memory_limit back to 1G (previously i raised up to 32GB) and now it works...

This project implements said procedure in a modman friendly way. Just install it with composer and you're good to go.


It was part of fixing security issues with unserialize. Magic methods like __destruct have inherent issues with serialization.

We have seen exploits proposed that were using serialization and __destruct to create files in the file system - and this change (you will see more similar changes in other places) was done to avoid this.

Does it cause memory leak or just use more memory until script finishes?

https://security.stackexchange.com/questions/77549/is-php-unserialize-exploitable-without-any-interesting-methods