archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix #78620: Out of memory error

Browse source 
If the integer addition in `ZEND_MM_ALIGNED_SIZE_EX` overflows, the
macro evaluates to `0`, what we should catch early.
This commit is contained in:
Christoph M. Becker 2019-10-02 16:42:28 +02:00
parent a5d3620d93
commit 8ce04df7e0
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Zend/zend_alloc.c
View file

@ -1730,10 +1730,15 @@ static void *zend_mm_alloc_huge(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_D
void *ptr;
#if ZEND_MM_LIMIT
if (UNEXPECTED(new_size == 0)) {
/* overflow in ZEND_MM_ALIGNED_SIZE_EX */
goto memory_limit_exhausted;
}
if (UNEXPECTED(new_size > heap->limit - heap->real_size)) {
if (zend_mm_gc(heap) && new_size <= heap->limit - heap->real_size) {
/* pass */
} else if (heap->overflow == 0) {
memory_limit_exhausted:
#if ZEND_DEBUG
zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted at %s:%d (tried to allocate %zu bytes)", heap->limit, __zend_filename, __zend_lineno, size);
#else