clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.2' into PHP-7.3

Browse Source 
* PHP-7.2:
  Fix #78620: Out of memory error
This commit is contained in:
Christoph M. Becker 2019-10-04 09:09:25 +02:00
commit cf183a5e2c
4 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -5,6 +5,7 @@ PHP NEWS
- Core: - Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool). . Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser) (bugreportuser)
. Fixed bug #78620 (Out of memory error). (cmb, Nikita)
- Exif : - Exif :
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) . Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)

9
Zend/zend_alloc.c
View File

@ -1792,12 +1792,17 @@ static void *zend_mm_alloc_huge(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_D
* We allocate them with 2MB size granularity, to avoid many * We allocate them with 2MB size granularity, to avoid many
* reallocations when they are extended by small pieces * reallocations when they are extended by small pieces
*/ */
size_t new_size = ZEND_MM_ALIGNED_SIZE_EX(size, MAX(REAL_PAGE_SIZE, ZEND_MM_CHUNK_SIZE)); size_t alignment = MAX(REAL_PAGE_SIZE, ZEND_MM_CHUNK_SIZE);
#else #else
size_t new_size = ZEND_MM_ALIGNED_SIZE_EX(size, REAL_PAGE_SIZE); size_t alignment = REAL_PAGE_SIZE;
#endif #endif
size_t new_size = ZEND_MM_ALIGNED_SIZE_EX(size, alignment);
void *ptr; void *ptr;
if (UNEXPECTED(new_size < size)) {
zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu + %zu)", size, alignment);
}
#if ZEND_MM_LIMIT #if ZEND_MM_LIMIT
if (UNEXPECTED(new_size > heap->limit - heap->real_size)) { if (UNEXPECTED(new_size > heap->limit - heap->real_size)) {
if (zend_mm_gc(heap) && new_size <= heap->limit - heap->real_size) { if (zend_mm_gc(heap) && new_size <= heap->limit - heap->real_size) {

1
ext/standard/tests/strings/wordwrap_memory_limit.phpt
View File

@ -2,6 +2,7 @@
No overflow should occur during the memory_limit check for wordwrap() No overflow should occur during the memory_limit check for wordwrap()
--SKIPIF-- --SKIPIF--
<?php <?php
if (substr(PHP_OS, 0, 3) == 'WIN' && PHP_INT_SIZE == 4) die("skip this test is not for 32bit Windows platforms");
if (getenv("USE_ZEND_ALLOC") === "0") die("skip Zend MM disabled"); if (getenv("USE_ZEND_ALLOC") === "0") die("skip Zend MM disabled");
?> ?>
--INI-- --INI--

19
ext/standard/tests/strings/wordwrap_memory_limit_win32.phpt Normal file
View File

@ -0,0 +1,19 @@
--TEST--
No overflow should occur during the memory_limit check for wordwrap()
--SKIPIF--
<?php
if (substr(PHP_OS, 0, 3) != 'WIN' || PHP_INT_SIZE != 4) die("skip this test is for 32bit Windows platforms only");
if (getenv("USE_ZEND_ALLOC") === "0") die("skip Zend MM disabled");
?>
--INI--
memory_limit=128M
--FILE--
<?php
$str = str_repeat('x', 65534);
$str2 = str_repeat('x', 65535);
wordwrap($str, 1, $str2);
?>
--EXPECTF--
Fatal error: Possible integer overflow in memory allocation (4294901777 + %d) in %s on line %d