archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add two checks for zend_mm_heap's integrity (#13943)

Browse source
This commit is contained in:
Julien Voisin 2024-04-23 09:50:24 +00:00 committed by GitHub
parent bffab33a89
commit 07337df1d7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Zend/zend_alloc.c
View file

@ -1065,6 +1065,9 @@ get_chunk:
found: found:
if (steps > 2 && pages_count < 8) { if (steps > 2 && pages_count < 8) {
ZEND_MM_CHECK(chunk->next->prev == chunk, "zend_mm_heap corrupted");
ZEND_MM_CHECK(chunk->prev->next == chunk, "zend_mm_heap corrupted");
/* move chunk into the head of the linked-list */ /* move chunk into the head of the linked-list */
chunk->prev->next = chunk->next; chunk->prev->next = chunk->next;
chunk->next->prev = chunk->prev; chunk->next->prev = chunk->prev;
@ -1116,6 +1119,9 @@ static zend_never_inline void *zend_mm_alloc_large(zend_mm_heap *heap, size_t si
static zend_always_inline void zend_mm_delete_chunk(zend_mm_heap *heap, zend_mm_chunk *chunk) static zend_always_inline void zend_mm_delete_chunk(zend_mm_heap *heap, zend_mm_chunk *chunk)
{ {
ZEND_MM_CHECK(chunk->next->prev == chunk, "zend_mm_heap corrupted");
ZEND_MM_CHECK(chunk->prev->next == chunk, "zend_mm_heap corrupted");
chunk->next->prev = chunk->prev; chunk->next->prev = chunk->prev;
chunk->prev->next = chunk->next; chunk->prev->next = chunk->next;
heap->chunks_count--; heap->chunks_count--;