diff options
| author | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
| commit | ce6ad9bdd96dd3702ef248e5e364400402620dbc (patch) | |
| tree | e4568a0b9239c67999fccb6f75f935a37419f5c7 /Zend/zend_alloc.c | |
| parent | e47773b6266a8bb6d39af7f3ed5630c4698c2f76 (diff) | |
| parent | 1dab8e07f2e14221f534202e7d0c03600b3259eb (diff) | |
| download | php-git-ce6ad9bdd96dd3702ef248e5e364400402620dbc.tar.gz | |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
Diffstat (limited to 'Zend/zend_alloc.c')
| -rw-r--r-- | Zend/zend_alloc.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index ed7575d256..1d04646f07 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -1503,21 +1503,21 @@ static void *zend_mm_realloc_heap(zend_mm_heap *heap, void *ptr, size_t size, si ZEND_MM_CHECK(chunk->heap == heap, "zend_mm_heap corrupted"); if (info & ZEND_MM_IS_SRUN) { - int old_bin_num, bin_num; - - old_bin_num = ZEND_MM_SRUN_BIN_NUM(info); + int old_bin_num = ZEND_MM_SRUN_BIN_NUM(info); old_size = bin_data_size[old_bin_num]; - bin_num = ZEND_MM_SMALL_SIZE_TO_BIN(size); - if (old_bin_num == bin_num) { + if (size <= ZEND_MM_MAX_SMALL_SIZE) { + int bin_num = ZEND_MM_SMALL_SIZE_TO_BIN(size); + if (old_bin_num == bin_num) { #if ZEND_DEBUG - dbg = zend_mm_get_debug_info(heap, ptr); - dbg->size = real_size; - dbg->filename = __zend_filename; - dbg->orig_filename = __zend_orig_filename; - dbg->lineno = __zend_lineno; - dbg->orig_lineno = __zend_orig_lineno; + dbg = zend_mm_get_debug_info(heap, ptr); + dbg->size = real_size; + dbg->filename = __zend_filename; + dbg->orig_filename = __zend_orig_filename; + dbg->lineno = __zend_lineno; + dbg->orig_lineno = __zend_orig_lineno; #endif - return ptr; + return ptr; + } } } else /* if (info & ZEND_MM_IS_LARGE_RUN) */ { ZEND_MM_CHECK(ZEND_MM_ALIGNED_OFFSET(page_offset, ZEND_MM_PAGE_SIZE) == 0, "zend_mm_heap corrupted"); |