mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-01 05:43:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential memory issue with USE_ZEND_ALLOC=0

Browse Source 
The PHP core and extensions are written with the assumption that memory
allocation either succeeds, or the allocator bails out (i.e. the allocator
is infallible). Therefore the result of emalloc() and friends are not checked
for NULL values.

However, with USE_ZEND_ALLOC=0, malloc() and friends are used as allocators,
but these are fallible, i.e. they return NULL instead of bailing out if they
fail. This easily leads to invalid memory accesses in the following, such as
in <https://bugs.php.net/73032>. Some of these cases may constitute
exploitable vulnerabilities.

Therefore we make the infallible __zend_alloc() and friends the default for
USE_ZEND_ALLOC=0.
This commit is contained in:
Christoph M. Becker 2016-09-07 22:50:53 +02:00
parent dad793630d
commit 5880428dac
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Zend/zend_alloc.c
View File

@ -2726,9 +2726,9 @@ static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC)
alloc_globals->mm_heap = malloc(sizeof(struct _zend_mm_heap));
memset(alloc_globals->mm_heap, 0, sizeof(struct _zend_mm_heap));
alloc_globals->mm_heap->use_zend_alloc = 0;
alloc_globals->mm_heap->_malloc = malloc;
alloc_globals->mm_heap->_malloc = __zend_malloc;
alloc_globals->mm_heap->_free = free;
alloc_globals->mm_heap->_realloc = realloc;
alloc_globals->mm_heap->_realloc = __zend_realloc;
} else {
alloc_globals->mm_heap = zend_mm_startup();
}