
Commit 1880729

committed
Fix
1 parent 2f84241 commit 1880729


1 file changed

+40
-2
lines changed


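--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -205,6 +205,9 @@ static size_t _real_page_size = ZEND_MM_PAGE_SIZE;
 #define ZEND_MM_POISON_HEAP(_ptr) ZEND_MM_POISON((_ptr), sizeof(zend_mm_heap));
 #define ZEND_MM_UNPOISON_HEAP(_ptr) ZEND_MM_UNPOISON((_ptr), sizeof(zend_mm_heap));
 
+#define ZEND_MM_POISON_DEBUGINFO(_ptr) ZEND_MM_POISON((_ptr), sizeof(zend_mm_debug_info));
+#define ZEND_MM_UNPOISON_DEBUGINFO(_ptr) ZEND_MM_UNPOISON((_ptr), sizeof(zend_mm_debug_info));
+
 #define ZEND_MM_POISON_CHUNK_HDR(_ptr, _heap) do { \
 ZEND_MM_POISON((_ptr), sizeof(zend_mm_chunk)); \
 ZEND_MM_UNPOISON_HEAP((_heap)); \
@@ -226,6 +229,8 @@ static size_t _real_page_size = ZEND_MM_PAGE_SIZE;
 #define ZEND_MM_POISON_CHUNK_HDR(_ptr, _heap)
 #define ZEND_MM_UNPOISON_CHUNK_HDR(_ptr)
 #define ZEND_MM_POISON_CHUNK(_ptr, _heap)
+#define ZEND_MM_POISON_DEBUGINFO(_ptr)
+#define ZEND_MM_UNPOISON_DEBUGINFO(_ptr)
 
 #endif
 typedef uint32_t zend_mm_page_info; /* 4-byte integer */
@@ -1504,7 +1509,9 @@ static zend_never_inline void *zend_mm_alloc_small_slow(zend_mm_heap *heap, uint
 #if ZEND_DEBUG
 do {
 zend_mm_debug_info *dbg = (zend_mm_debug_info*)((char*)p + bin_data_size[bin_num] - ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)));
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg->size = 0;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 } while (0);
 #endif
 
@@ -1516,7 +1523,9 @@ static zend_never_inline void *zend_mm_alloc_small_slow(zend_mm_heap *heap, uint
 #if ZEND_DEBUG
 do {
 zend_mm_debug_info *dbg = (zend_mm_debug_info*)((char*)p + bin_data_size[bin_num] - ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)));
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg->size = 0;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 } while (0);
 #endif
 
@@ -1560,7 +1569,9 @@ static zend_always_inline void zend_mm_free_small(zend_mm_heap *heap, void *ptr,
 #if ZEND_DEBUG
 do {
 zend_mm_debug_info *dbg = (zend_mm_debug_info*)((char*)ptr + bin_data_size[bin_num] - ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)));
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg->size = 0;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 } while (0);
 #endif
 
@@ -1625,23 +1636,27 @@ static zend_always_inline void *zend_mm_alloc_heap(zend_mm_heap *heap, size_t si
 ptr = zend_mm_alloc_small(heap, ZEND_MM_SMALL_SIZE_TO_BIN(size) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
 #if ZEND_DEBUG
 dbg = zend_mm_get_debug_info(heap, ptr);
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg->size = real_size;
 dbg->filename = __zend_filename;
 dbg->orig_filename = __zend_orig_filename;
 dbg->lineno = __zend_lineno;
 dbg->orig_lineno = __zend_orig_lineno;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 #endif
 ZEND_MM_UNPOISON(ptr, size);
 return ptr;
 } else if (EXPECTED(size <= ZEND_MM_MAX_LARGE_SIZE)) {
 ptr = zend_mm_alloc_large(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
 #if ZEND_DEBUG
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg = zend_mm_get_debug_info(heap, ptr);
 dbg->size = real_size;
 dbg->filename = __zend_filename;
 dbg->orig_filename = __zend_orig_filename;
 dbg->lineno = __zend_lineno;
 dbg->orig_lineno = __zend_orig_lineno;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 #endif
 ZEND_MM_UNPOISON(ptr, size);
 return ptr;
@@ -1692,7 +1707,10 @@ static size_t zend_mm_size(zend_mm_heap *heap, void *ptr ZEND_FILE_LINE_DC ZEND_
 zend_mm_chunk *chunk;
 #if 0 && ZEND_DEBUG
 zend_mm_debug_info *dbg = zend_mm_get_debug_info(heap, ptr);
-return dbg->size;
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
+size_t ret = dbg->size;
+ZEND_MM_POISON_DEBUGINFO(dbg);
+return ret;
 #else
 int page_num;
 zend_mm_page_info info;
@@ -1904,12 +1922,14 @@ static zend_always_inline void *zend_mm_realloc_heap(zend_mm_heap *heap, void *p
 }
 
 #if ZEND_DEBUG
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg = zend_mm_get_debug_info(heap, ret);
 dbg->size = real_size;
 dbg->filename = __zend_filename;
 dbg->orig_filename = __zend_orig_filename;
 dbg->lineno = __zend_lineno;
 dbg->orig_lineno = __zend_orig_lineno;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 #endif
 ZEND_MM_POISON_CHUNK_HDR(chunk, heap);
 return ret;
@@ -1923,11 +1943,13 @@ static zend_always_inline void *zend_mm_realloc_heap(zend_mm_heap *heap, void *p
 if (new_size == old_size) {
 #if ZEND_DEBUG
 dbg = zend_mm_get_debug_info(heap, ptr);
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg->size = real_size;
 dbg->filename = __zend_filename;
 dbg->orig_filename = __zend_orig_filename;
 dbg->lineno = __zend_lineno;
 dbg->orig_lineno = __zend_orig_lineno;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 #endif
 ZEND_MM_POISON_CHUNK_HDR(chunk, heap);
 ZEND_MM_UNPOISON(ptr, size);
@@ -1946,11 +1968,13 @@ static zend_always_inline void *zend_mm_realloc_heap(zend_mm_heap *heap, void *p
 ZEND_MM_POISON(ZEND_MM_PAGE_ADDR(chunk, page_num + new_pages_count), rest_pages_count * ZEND_MM_PAGE_SIZE);
 #if ZEND_DEBUG
 dbg = zend_mm_get_debug_info(heap, ptr);
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg->size = real_size;
 dbg->filename = __zend_filename;
 dbg->orig_filename = __zend_orig_filename;
 dbg->lineno = __zend_lineno;
 dbg->orig_lineno = __zend_orig_lineno;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 #endif
 ZEND_MM_POISON_CHUNK_HDR(chunk, heap);
 ZEND_MM_POISON(ptr, old_size);
@@ -1976,11 +2000,13 @@ static zend_always_inline void *zend_mm_realloc_heap(zend_mm_heap *heap, void *p
 chunk->map[page_num] = ZEND_MM_LRUN(new_pages_count);
 #if ZEND_DEBUG
 dbg = zend_mm_get_debug_info(heap, ptr);
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 dbg->size = real_size;
 dbg->filename = __zend_filename;
 dbg->orig_filename = __zend_orig_filename;
 dbg->lineno = __zend_lineno;
 dbg->orig_lineno = __zend_orig_lineno;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 #endif
 ZEND_MM_POISON_CHUNK_HDR(chunk, heap);
 ZEND_MM_UNPOISON(ptr, size);
@@ -2404,6 +2430,7 @@ static zend_long zend_mm_find_leaks_small(zend_mm_chunk *p, uint32_t i, uint32_t
 zend_long count = 0;
 int bin_num = ZEND_MM_SRUN_BIN_NUM(p->map[i]);
 zend_mm_debug_info *dbg = (zend_mm_debug_info*)((char*)p + ZEND_MM_PAGE_SIZE * i + bin_data_size[bin_num] * (j + 1) - ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)));
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 
 while (j < bin_elements[bin_num]) {
 if (dbg->size != 0) {
@@ -2417,7 +2444,9 @@ static zend_long zend_mm_find_leaks_small(zend_mm_chunk *p, uint32_t i, uint32_t
 }
 }
 j++;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 dbg = (zend_mm_debug_info*)((char*)dbg + bin_data_size[bin_num]);
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 }
 if (empty) {
 zend_mm_bitset_reset_range(p->free_map, i, bin_pages[bin_num]);
@@ -2439,10 +2468,13 @@ static zend_long zend_mm_find_leaks(zend_mm_heap *heap, zend_mm_chunk *p, uint32
 } else /* if (p->map[i] & ZEND_MM_IS_LRUN) */ {
 int pages_count = ZEND_MM_LRUN_PAGES(p->map[i]);
 zend_mm_debug_info *dbg = (zend_mm_debug_info*)((char*)p + ZEND_MM_PAGE_SIZE * (i + pages_count) - ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)));
-
+
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 if (dbg->filename == leak->filename && dbg->lineno == leak->lineno) {
 count++;
 }
+ZEND_MM_POISON_DEBUGINFO(dbg);
+
 zend_mm_bitset_reset_range(p->free_map, i, pages_count);
 i += pages_count;
 }
@@ -2520,6 +2552,7 @@ static void zend_mm_check_leaks(zend_mm_heap *heap)
 if (p->map[i] & ZEND_MM_IS_SRUN) {
 int bin_num = ZEND_MM_SRUN_BIN_NUM(p->map[i]);
 zend_mm_debug_info *dbg = (zend_mm_debug_info*)((char*)p + ZEND_MM_PAGE_SIZE * i + bin_data_size[bin_num] - ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)));
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 
 j = 0;
 while (j < bin_elements[bin_num]) {
@@ -2545,20 +2578,25 @@ static void zend_mm_check_leaks(zend_mm_heap *heap)
 zend_message_dispatcher(ZMSG_MEMORY_LEAK_REPEATED, (void *)(uintptr_t)repeated);
 }
 }
+ZEND_MM_POISON_DEBUGINFO(dbg);
 dbg = (zend_mm_debug_info*)((char*)dbg + bin_data_size[bin_num]);
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 j++;
 }
+ZEND_MM_POISON_DEBUGINFO(dbg);
 i += bin_pages[bin_num];
 } else /* if (p->map[i] & ZEND_MM_IS_LRUN) */ {
 int pages_count = ZEND_MM_LRUN_PAGES(p->map[i]);
 zend_mm_debug_info *dbg = (zend_mm_debug_info*)((char*)p + ZEND_MM_PAGE_SIZE * (i + pages_count) - ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)));
+ZEND_MM_UNPOISON_DEBUGINFO(dbg);
 
 leak.addr = (void*)((char*)p + ZEND_MM_PAGE_SIZE * i);
 leak.size = dbg->size;
 leak.filename = dbg->filename;
 leak.orig_filename = dbg->orig_filename;
 leak.lineno = dbg->lineno;
 leak.orig_lineno = dbg->orig_lineno;
+ZEND_MM_POISON_DEBUGINFO(dbg);
 
 zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL);
 zend_message_dispatcher(ZMSG_MEMORY_LEAK_DETECTED, &leak);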
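Review bot: In the large-allocation branch of zend_mm_alloc_heap, `ZEND_MM_UNPOISON_DEBUGINFO(dbg);` is placed before `dbg = zend_mm_get_debug_info(heap, ptr);`, so the macro is applied to whatever dbg held before (nothing visible in the hunk assigns it on that path) and the record that is then written is still poisoned; the first zend_mm_realloc_heap hunk has the same order, with `ret` in place of `ptr`. Swap the two statements in both places so they match the small-allocation branch: `dbg = zend_mm_get_debug_info(heap, ptr);` followed by `ZEND_MM_UNPOISON_DEBUGINFO(dbg);`. In zend_mm_find_leaks_small the record unpoisoned at the end of the last loop iteration is not re-poisoned in the visible lines, whereas zend_mm_check_leaks adds `ZEND_MM_POISON_DEBUGINFO(dbg);` after its loop; the function continues outside the hunks, so this should be checked against the full body. Both loops also unpoison at the advanced pointer after the last element has been visited, which appears to address a record past the end of the run and would be better guarded by the loop condition.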
