diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2019-08-26 10:26:49 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-08-26 10:26:49 +0200 |
commit | a26f63213d29b85bf44e22163ddb0b735623617f (patch) | |
tree | c7db267e9c9917678b0517588bdbaccf290991f8 | |
parent | d1646e328aff679dccf5597476e98c182fe4365c (diff) | |
parent | 16d35eb643bf974554e5264021ee10fc969e2053 (diff) | |
download | php-git-a26f63213d29b85bf44e22163ddb0b735623617f.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
-rw-r--r-- | Zend/zend_alloc.c | 10 | ||||
-rw-r--r-- | ext/standard/tests/strings/wordwrap_memory_limit.phpt | 18 |
2 files changed, 23 insertions, 5 deletions
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 11f5b46bd9..035e23f1db 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -982,7 +982,7 @@ get_chunk: heap->cached_chunks = chunk->next; } else { #if ZEND_MM_LIMIT - if (UNEXPECTED(heap->real_size + ZEND_MM_CHUNK_SIZE > heap->limit)) { + if (UNEXPECTED(ZEND_MM_CHUNK_SIZE > heap->limit - heap->real_size)) { if (zend_mm_gc(heap)) { goto get_chunk; } else if (heap->overflow == 0) { @@ -1510,8 +1510,8 @@ static zend_never_inline void *zend_mm_realloc_huge(zend_mm_heap *heap, void *pt } } else /* if (new_size > old_size) */ { #if ZEND_MM_LIMIT - if (UNEXPECTED(heap->real_size + (new_size - old_size) > heap->limit)) { - if (zend_mm_gc(heap) && heap->real_size + (new_size - old_size) <= heap->limit) { + if (UNEXPECTED(new_size - old_size > heap->limit - heap->real_size)) { + if (zend_mm_gc(heap) && new_size - old_size <= heap->limit - heap->real_size) { /* pass */ } else if (heap->overflow == 0) { #if ZEND_DEBUG @@ -1799,8 +1799,8 @@ static void *zend_mm_alloc_huge(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_D void *ptr; #if ZEND_MM_LIMIT - if (UNEXPECTED(heap->real_size + new_size > heap->limit)) { - if (zend_mm_gc(heap) && heap->real_size + new_size <= heap->limit) { + if (UNEXPECTED(new_size > heap->limit - heap->real_size)) { + if (zend_mm_gc(heap) && new_size <= heap->limit - heap->real_size) { /* pass */ } else if (heap->overflow == 0) { #if ZEND_DEBUG diff --git a/ext/standard/tests/strings/wordwrap_memory_limit.phpt b/ext/standard/tests/strings/wordwrap_memory_limit.phpt new file mode 100644 index 0000000000..fb0cc5c3bc --- /dev/null +++ b/ext/standard/tests/strings/wordwrap_memory_limit.phpt @@ -0,0 +1,18 @@ +--TEST-- +No overflow should occur during the memory_limit check for wordwrap() +--SKIPIF-- +<?php +if (getenv("USE_ZEND_ALLOC") === "0") die("skip Zend MM disabled"); +?> +--INI-- +memory_limit=128M +--FILE-- +<?php + +$str = str_repeat('x', 65534); +$str2 = str_repeat('x', 65535); +wordwrap($str, 1, $str2); + +?> +--EXPECTF-- +Fatal error: Allowed memory size of 134217728 bytes exhausted%s(tried to allocate %d bytes) in %s on line %d |