Improve

Author: danog

Zend/zend_alloc.c

@@ -1125,7 +1125,6 @@ static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count ZEND_F
 #else
 						zend_mm_safe_error(heap, "Out of memory (allocated %zu bytes) (tried to allocate %zu bytes)", heap->real_size, ZEND_MM_PAGE_SIZE * pages_count);
 #endif
-						ZEND_MM_POISON_CHUNK_HDR(chunk, heap);
 						return NULL;
 					}
 				}
@@ -1162,18 +1161,25 @@ static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count ZEND_F
 
 found:
 	if (steps > 2 && pages_count < 8) {
+		ZEND_MM_UNPOISON_CHUNK_HDR(chunk->next);
+		ZEND_MM_UNPOISON_CHUNK_HDR(chunk->prev);
 		ZEND_MM_CHECK(chunk->next->prev == chunk, "zend_mm_heap corrupted");
 		ZEND_MM_CHECK(chunk->prev->next == chunk, "zend_mm_heap corrupted");
 
 		/* move chunk into the head of the linked-list */
 		chunk->prev->next = chunk->next;
 		chunk->next->prev = chunk->prev;
+		ZEND_MM_POISON_CHUNK_HDR(chunk->next, heap);
+		ZEND_MM_POISON_CHUNK_HDR(chunk->prev, heap);
+
 		ZEND_MM_UNPOISON_CHUNK_HDR(heap->main_chunk);
+		ZEND_MM_UNPOISON_CHUNK_HDR(heap->main_chunk->next);
 		chunk->next = heap->main_chunk->next;
 		chunk->prev = heap->main_chunk;
 		chunk->prev->next = chunk;
 		chunk->next->prev = chunk;
 		ZEND_MM_POISON_CHUNK_HDR(heap->main_chunk, heap);
+		ZEND_MM_POISON_CHUNK_HDR(heap->main_chunk->next, heap);
 	}
 	/* mark run as allocated */
 	chunk->free_pages -= pages_count;