Skip to content

Commit 491940e

Browse files
danogdanog
committed
Unpoison custom chunk_alloc as well
1 parent 1275855 commit 491940e

File tree

1 file changed

+11
-9
lines changed

1 file changed

+11
-9
lines changed

Zend/zend_alloc.c

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -949,6 +949,7 @@ static void zend_mm_chunk_free(zend_mm_heap *heap, void *addr, size_t size)
949949
{
950950
#if ZEND_MM_STORAGE
951951
if (UNEXPECTED(heap->storage)) {
952+
ZEND_MM_UNPOISON(addr, size);
952953
heap->storage->handlers.chunk_free(heap->storage, addr, size);
953954
return;
954955
}
@@ -961,6 +962,7 @@ static int zend_mm_chunk_truncate(zend_mm_heap *heap, void *addr, size_t old_siz
961962
#if ZEND_MM_STORAGE
962963
if (UNEXPECTED(heap->storage)) {
963964
if (heap->storage->handlers.chunk_truncate) {
965+
ZEND_MM_UNPOISON((char*)addr + new_size, old_size - new_size);
964966
return heap->storage->handlers.chunk_truncate(heap->storage, addr, old_size, new_size);
965967
} else {
966968
return 0;
@@ -1041,7 +1043,7 @@ static void zend_mm_change_huge_block_size(zend_mm_heap *heap, void *ptr, size_t
10411043
/* Large Runs */
10421044
/**************/
10431045

1044-
static size_t zend_mm_gc_real(zend_mm_heap *heap);
1046+
static size_t _zend_mm_gc(zend_mm_heap *heap);
10451047

10461048
#if ZEND_DEBUG
10471049
static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
@@ -1180,7 +1182,7 @@ static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count ZEND_F
11801182
} else {
11811183
#if ZEND_MM_LIMIT
11821184
if (UNEXPECTED(ZEND_MM_CHUNK_SIZE > heap->limit - heap->real_size)) {
1183-
if (zend_mm_gc_real(heap)) {
1185+
if (_zend_mm_gc(heap)) {
11841186
goto get_chunk;
11851187
} else if (heap->overflow == 0) {
11861188
#if ZEND_DEBUG
@@ -1197,7 +1199,7 @@ static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count ZEND_F
11971199
chunk = (zend_mm_chunk*)zend_mm_chunk_alloc(heap, ZEND_MM_CHUNK_SIZE, ZEND_MM_CHUNK_SIZE);
11981200
if (UNEXPECTED(chunk == NULL)) {
11991201
/* insufficient memory */
1200-
if (zend_mm_gc_real(heap) &&
1202+
if (_zend_mm_gc(heap) &&
12011203
(chunk = (zend_mm_chunk*)zend_mm_chunk_alloc(heap, ZEND_MM_CHUNK_SIZE, ZEND_MM_CHUNK_SIZE)) != NULL) {
12021204
/* pass */
12031205
} else {
@@ -1873,7 +1875,7 @@ static zend_never_inline void *zend_mm_realloc_huge(zend_mm_heap *heap, void *pt
18731875
} else /* if (new_size > old_size) */ {
18741876
#if ZEND_MM_LIMIT
18751877
if (UNEXPECTED(new_size - old_size > heap->limit - heap->real_size)) {
1876-
if (zend_mm_gc_real(heap) && new_size - old_size <= heap->limit - heap->real_size) {
1878+
if (_zend_mm_gc(heap) && new_size - old_size <= heap->limit - heap->real_size) {
18771879
/* pass */
18781880
} else if (heap->overflow == 0) {
18791881
#if ZEND_DEBUG
@@ -2216,7 +2218,7 @@ static void *zend_mm_alloc_huge(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_D
22162218

22172219
#if ZEND_MM_LIMIT
22182220
if (UNEXPECTED(new_size > heap->limit - heap->real_size)) {
2219-
if (zend_mm_gc_real(heap) && new_size <= heap->limit - heap->real_size) {
2221+
if (_zend_mm_gc(heap) && new_size <= heap->limit - heap->real_size) {
22202222
/* pass */
22212223
} else if (heap->overflow == 0) {
22222224
#if ZEND_DEBUG
@@ -2231,7 +2233,7 @@ static void *zend_mm_alloc_huge(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_D
22312233
ptr = zend_mm_chunk_alloc(heap, new_size, ZEND_MM_CHUNK_SIZE);
22322234
if (UNEXPECTED(ptr == NULL)) {
22332235
/* insufficient memory */
2234-
if (zend_mm_gc_real(heap) &&
2236+
if (_zend_mm_gc(heap) &&
22352237
(ptr = zend_mm_chunk_alloc(heap, new_size, ZEND_MM_CHUNK_SIZE)) != NULL) {
22362238
/* pass */
22372239
} else {
@@ -2354,7 +2356,7 @@ static zend_mm_heap *zend_mm_init(void)
23542356
return heap;
23552357
}
23562358

2357-
static size_t zend_mm_gc_real(zend_mm_heap *heap)
2359+
static size_t _zend_mm_gc(zend_mm_heap *heap)
23582360
{
23592361
zend_mm_free_slot *p, *q;
23602362
zend_mm_chunk *chunk;
@@ -2500,7 +2502,7 @@ static size_t zend_mm_gc_real(zend_mm_heap *heap)
25002502
ZEND_API size_t zend_mm_gc(zend_mm_heap *heap)
25012503
{
25022504
ZEND_MM_UNPOISON_HEAP(heap);
2503-
size_t ret = zend_mm_gc_real(heap);
2505+
size_t ret = _zend_mm_gc(heap);
25042506
ZEND_MM_POISON_HEAP(heap);
25052507
return ret;
25062508
}
@@ -3610,7 +3612,7 @@ static size_t poison_gc(void)
36103612
_zend_mm_get_custom_handlers_ex(heap, &_malloc, &_free, &_realloc, &_gc, &_shutdown);
36113613
_zend_mm_set_custom_handlers_ex(heap, NULL, NULL, NULL, NULL, NULL);
36123614

3613-
size_t collected = zend_mm_gc_real(heap);
3615+
size_t collected = _zend_mm_gc(heap);
36143616

36153617
_zend_mm_set_custom_handlers_ex(heap, _malloc, _free, _realloc, _gc, _shutdown);
36163618

0 commit comments

Comments
 (0)