-rw-r--r--NEWS1
-rw-r--r--Zend/zend_arena.h3
2 files changed, 3 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index fce91668a6..7b1023f961 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP NEWS
?? ??? 2016 PHP 7.0.4
- Core:
+ . Fixed bug (Low probability segfault in zend_arena). (Laruence)
. Fixed bug #71485 (Return typehint on interanal func causes Fatal error
when it throws exception). (Laruence)
. Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
diff --git a/Zend/zend_arena.h b/Zend/zend_arena.h
index 7456610b65..e89e06b1b0 100644
--- a/Zend/zend_arena.h
+++ b/Zend/zend_arena.h
@@ -103,11 +103,12 @@ static zend_always_inline void zend_arena_release(zend_arena **arena_ptr, void *
zend_arena *arena = *arena_ptr;
while (UNEXPECTED((char*)checkpoint > arena->end) ||
- UNEXPECTED((char*)checkpoint < (char*)arena)) {
+ UNEXPECTED((char*)checkpoint <= (char*)arena)) {
zend_arena *prev = arena->prev;
efree(arena);
*arena_ptr = arena = prev;
}
+ ZEND_ASSERT((char*)checkpoint > (char*)arena && (char*)checkpoint <= arena->end);
arena->ptr = (char*)checkpoint;
}
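Review bot: The release loop still evaluates `arena->end` after `*arena_ptr = arena = prev;` without checking that `prev` is non-NULL, so a checkpoint that lies in none of the chained arenas frees every arena and then reads through a null pointer. The added ZEND_ASSERT sits after the loop, so it cannot catch that case, and as far as I know ZEND_ASSERT is only checked in debug builds, which leaves the range condition unenforced in release builds. I would add `ZEND_ASSERT(prev != NULL);` directly after `zend_arena *prev = arena->prev;`. I would also add a short comment on the `<=` test explaining why a checkpoint equal to the arena's own address must be treated as belonging to an earlier arena, since neither the code nor the NEWS entry records that boundary case. The function's signature and opening brace are outside the hunk.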