Fix GH-9361: Segmentation fault on script exit

Using a lot of memory may overflow some `int` calculations; to avoid
that we make sure that the operands are promoted to `size_t`.

This issue has been analyzed by @chschneider.

Closes GH-9379.
Christoph M. Becker 2022-08-19 16:26:26 +02:00
parent 305892580e
commit bb341210f5
No known key found for this signature in database
GPG Key ID: D66C9593118BCCB6
2 changed files with 3 additions and 1 deletions

NEWS

@ -5,6 +5,8 @@ PHP NEWS
- Core:
. Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
(Tim Starling)
. Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb,
Christian Schneider)
- DOM:
. Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
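Review bot: the GH-9361 entry carries "#9379" inside the parenthesised bug title, which reads like the pull request title pasted in unchanged; the GH-9323 entry just above it has only the bug title in that position. Suggest dropping the trailing "#9379" so the entry reads "Fixed bug GH-9361 (Segmentation fault on script exit). (cmb, Christian Schneider)".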


@ -19,7 +19,7 @@
#ifndef ZEND_ALLOC_SIZES_H
#define ZEND_ALLOC_SIZES_H
#define ZEND_MM_CHUNK_SIZE (2 * 1024 * 1024) /* 2 MB */
#define ZEND_MM_CHUNK_SIZE ((size_t) (2 * 1024 * 1024)) /* 2 MB */
#define ZEND_MM_PAGE_SIZE (4 * 1024) /* 4 KB */
#define ZEND_MM_PAGES (ZEND_MM_CHUNK_SIZE / ZEND_MM_PAGE_SIZE) /* 512 */
#define ZEND_MM_FIRST_PAGE (1)
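Review bot: ZEND_MM_PAGE_SIZE, the line right after the changed macro, is still a plain int expression, `(4 * 1024)`, so only expressions that involve ZEND_MM_CHUNK_SIZE get the promotion (ZEND_MM_PAGES included, which becomes size_t through the division); any int page count multiplied by ZEND_MM_PAGE_SIZE is still evaluated in int. Consider giving ZEND_MM_PAGE_SIZE the same `(size_t)` cast, or state in the commit message why the chunk size is the only operand that needs it. Because ZEND_MM_PAGES changes from signed to unsigned with this cast, comparisons against signed values where it is used are worth checking, and with only NEWS and this header touched the change ships without a regression test.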