More poisoning

danog · danog · commit d348c8dadb24 · 2025-06-10T11:55:44.000+02:00
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
@@ -433,7 +433,6 @@ static ZEND_COLD ZEND_NORETURN void zend_mm_safe_error(zend_mm_heap *heap,
 #endif
 	size_t size)
 {
-
 	heap->overflow = 1;
 	zend_try {
 		zend_error_noreturn(E_ERROR,
@@ -1028,6 +1027,7 @@ static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count ZEND_F
 #else
 						zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted (tried to allocate %zu bytes)", heap->limit, ZEND_MM_PAGE_SIZE * pages_count);
 #endif
+						ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));
 						return NULL;
 					}
 				}
@@ -1047,6 +1047,7 @@ static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count ZEND_F
 #else
 						zend_mm_safe_error(heap, "Out of memory (allocated %zu bytes) (tried to allocate %zu bytes)", heap->real_size, ZEND_MM_PAGE_SIZE * pages_count);
 #endif
+						ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));
 						return NULL;
 					}
 				}
@@ -1113,7 +1114,7 @@ static zend_always_inline void *zend_mm_alloc_large_ex(zend_mm_heap *heap, size_
 #endif
 #if ZEND_MM_STAT
 	do {
-		size_t size = heap->size + pages_count * ZEND_MM_PAGE_SIZE;
+			size_t size = heap->size + pages_count * ZEND_MM_PAGE_SIZE;
 		size_t peak = MAX(heap->peak, size);
 		heap->size = size;
 		heap->peak = peak;
@@ -1140,7 +1141,7 @@ static zend_always_inline void zend_mm_delete_chunk(zend_mm_heap *heap, zend_mm_
 
 	ZEND_ASAN_POISON_MEMORY_REGION(chunk->next, sizeof(zend_mm_chunk));
 	ZEND_ASAN_POISON_MEMORY_REGION(chunk->prev, sizeof(zend_mm_chunk));
-
+	
 	heap->chunks_count--;
 	if (heap->chunks_count + heap->cached_chunks_count < heap->avg_chunks_count + 0.1
 	 || (heap->chunks_count == heap->last_chunks_delete_boundary
@@ -1545,6 +1546,7 @@ static zend_always_inline void *zend_mm_alloc_heap(zend_mm_heap *heap, size_t si
 static zend_always_inline void zend_mm_free_heap(zend_mm_heap *heap, void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
 	printf("Freeing %p\n", ptr);
+
 	size_t page_offset = ZEND_MM_ALIGNED_OFFSET(ptr, ZEND_MM_CHUNK_SIZE);
 
 	if (UNEXPECTED(page_offset == 0)) {
@@ -2131,6 +2133,7 @@ ZEND_API size_t zend_mm_gc(zend_mm_heap *heap)
 	bool has_free_pages;
 	size_t collected = 0;
 
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 #if ZEND_MM_CUSTOM
 	if (heap->use_custom_heap) {
 		size_t (*gc)(void) = heap->custom_heap._gc;
@@ -2255,6 +2258,7 @@ ZEND_API size_t zend_mm_gc(zend_mm_heap *heap)
 		}
 	} while (chunk != heap->main_chunk);
 	ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 
 	printf("Done running gc\n");
 	return collected * ZEND_MM_PAGE_SIZE;
@@ -2460,6 +2464,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, bool full, bool silent)
 {
 	zend_mm_chunk *p;
 	zend_mm_huge_list *list;
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 
 #if ZEND_MM_CUSTOM
 	if (heap->use_custom_heap) {
@@ -2486,6 +2491,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, bool full, bool silent)
 		if (shutdown) {
 			shutdown(full, silent);
 		}
+		ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 
 		return;
 	}
@@ -2592,6 +2598,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, bool full, bool silent)
 		}
 		ZEND_ASAN_POISON_MEMORY_REGION(p, sizeof(zend_mm_chunk));
 	}
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 }
 
 /**************/
@@ -2613,22 +2620,29 @@ ZEND_API void ZEND_FASTCALL _zend_mm_validate(zend_mm_heap *heap)
 
 ZEND_API void ZEND_FASTCALL zend_mm_validate_fast(zend_mm_heap *heap)
 {
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 	for (int i = 0; i < 30; i++) {
 		zend_mm_free_slot *slot = heap->free_slot[i];
 		if (slot != NULL) {
 			zend_mm_get_next_free_slot(heap, i, slot);
 		}
 	}
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 }
 
 ZEND_API void* ZEND_FASTCALL _zend_mm_alloc(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
-	return zend_mm_alloc_heap(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
+	void *ptr = zend_mm_alloc_heap(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
+	return ptr;
 }
 
 ZEND_API void ZEND_FASTCALL _zend_mm_free(zend_mm_heap *heap, void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 	zend_mm_free_heap(heap, ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 }
 
 void* ZEND_FASTCALL _zend_mm_realloc(zend_mm_heap *heap, void *ptr, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
@@ -2643,19 +2657,24 @@ void* ZEND_FASTCALL _zend_mm_realloc2(zend_mm_heap *heap, void *ptr, size_t size
 
 ZEND_API size_t ZEND_FASTCALL _zend_mm_block_size(zend_mm_heap *heap, void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 #if ZEND_MM_CUSTOM
 	if (UNEXPECTED(heap->use_custom_heap)) {
 		if (heap->custom_heap._malloc == tracked_malloc) {
 			zend_ulong h = ((uintptr_t) ptr) >> ZEND_MM_ALIGNMENT_LOG2;
 			zval *size_zv = zend_hash_index_find(heap->tracked_allocs, h);
 			if  (size_zv) {
+				ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 				return Z_LVAL_P(size_zv);
 			}
 		}
+		ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 		return 0;
 	}
 #endif
-	return zend_mm_size(heap, ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	size_t ret = zend_mm_size(heap, ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
+	return ret;
 }
 
 /**********************/
@@ -2834,7 +2853,9 @@ ZEND_API void ZEND_FASTCALL _efree_large(void *ptr, size_t size)
 		ZEND_MM_ASSERT(ZEND_MM_LRUN_PAGES(chunk->map[page_num]) == pages_count);
 		ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));
 
+		ZEND_ASAN_UNPOISON_MEMORY_REGION(AG(mm_heap), sizeof(zend_mm_heap));
 		zend_mm_free_large(AG(mm_heap), chunk, page_num, pages_count);
+		ZEND_ASAN_POISON_MEMORY_REGION(AG(mm_heap), sizeof(zend_mm_heap));
 	}
 }
 
@@ -3219,7 +3240,10 @@ ZEND_API zend_mm_heap *zend_mm_get_heap(void)
 ZEND_API bool zend_mm_is_custom_heap(zend_mm_heap *new_heap)
 {
 #if ZEND_MM_CUSTOM
-	return AG(mm_heap)->use_custom_heap;
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
+	bool ret = AG(mm_heap)->use_custom_heap;
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
+	return ret;
 #else
 	return 0;
 #endif
@@ -3231,7 +3255,9 @@ ZEND_API void zend_mm_set_custom_handlers(zend_mm_heap *heap,
                                           void* (*_realloc)(void*, size_t ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC))
 {
 #if ZEND_MM_CUSTOM
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 	zend_mm_set_custom_handlers_ex(heap, _malloc, _free, _realloc, NULL, NULL);
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 #endif
 }
 
@@ -3243,6 +3269,7 @@ ZEND_API void zend_mm_set_custom_handlers_ex(zend_mm_heap *heap,
                                           void   (*_shutdown)(bool, bool))
 {
 #if ZEND_MM_CUSTOM
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 	zend_mm_heap *_heap = (zend_mm_heap*)heap;
 
 	if (!_malloc && !_free && !_realloc) {
@@ -3255,6 +3282,7 @@ ZEND_API void zend_mm_set_custom_handlers_ex(zend_mm_heap *heap,
 		_heap->custom_heap._gc = _gc;
 		_heap->custom_heap._shutdown = _shutdown;
 	}
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 #endif
 }
 
@@ -3264,7 +3292,9 @@ ZEND_API void zend_mm_get_custom_handlers(zend_mm_heap *heap,
                                              void* (**_realloc)(void*, size_t ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC))
 {
 #if ZEND_MM_CUSTOM
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 	zend_mm_get_custom_handlers_ex(heap, _malloc, _free, _realloc, NULL, NULL);
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 #endif
 }
 
@@ -3276,6 +3306,8 @@ ZEND_API void zend_mm_get_custom_handlers_ex(zend_mm_heap *heap,
                                              void   (**_shutdown)(bool, bool))
 {
 #if ZEND_MM_CUSTOM
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(_heap, sizeof(zend_mm_heap));
+
 	zend_mm_heap *_heap = (zend_mm_heap*)heap;
 
 	if (heap->use_custom_heap) {
@@ -3299,6 +3331,7 @@ ZEND_API void zend_mm_get_custom_handlers_ex(zend_mm_heap *heap,
 			*_shutdown = NULL;
 		}
 	}
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
 #else
 	*_malloc = NULL;
 	*_free = NULL;
@@ -3311,7 +3344,10 @@ ZEND_API void zend_mm_get_custom_handlers_ex(zend_mm_heap *heap,
 ZEND_API zend_mm_storage *zend_mm_get_storage(zend_mm_heap *heap)
 {
 #if ZEND_MM_STORAGE
-	return heap->storage;
+	ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
+	zend_mm_storage *ret = heap->storage;
+	ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));
+	return ret;
 #else
 	return NULL
 #endif

Original file line number	Diff line number	Diff line change
`@@ -433,7 +433,6 @@ static ZEND_COLD ZEND_NORETURN void zend_mm_safe_error(zend_mm_heap *heap,`
`433`	`433`	`#endif`
`434`	`434`	`size_t size)`
`435`	`435`	`{`
`436`		`-`
`437`	`436`	`heap->overflow = 1;`
`438`	`437`	`zend_try {`
`439`	`438`	`zend_error_noreturn(E_ERROR,`
`@@ -1028,6 +1027,7 @@ static void zend_mm_alloc_pages(zend_mm_heap heap, uint32_t pages_count ZEND_F`
`1028`	`1027`	`#else`
`1029`	`1028`	`zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted (tried to allocate %zu bytes)", heap->limit, ZEND_MM_PAGE_SIZE * pages_count);`
`1030`	`1029`	`#endif`
	`1030`	`+ ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));`
`1031`	`1031`	`return NULL;`
`1032`	`1032`	`}`
`1033`	`1033`	`}`
`@@ -1047,6 +1047,7 @@ static void zend_mm_alloc_pages(zend_mm_heap heap, uint32_t pages_count ZEND_F`
`1047`	`1047`	`#else`
`1048`	`1048`	`zend_mm_safe_error(heap, "Out of memory (allocated %zu bytes) (tried to allocate %zu bytes)", heap->real_size, ZEND_MM_PAGE_SIZE * pages_count);`
`1049`	`1049`	`#endif`
	`1050`	`+ ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));`
`1050`	`1051`	`return NULL;`
`1051`	`1052`	`}`
`1052`	`1053`	`}`
`@@ -1113,7 +1114,7 @@ static zend_always_inline void zend_mm_alloc_large_ex(zend_mm_heap heap, size_`
`1113`	`1114`	`#endif`
`1114`	`1115`	`#if ZEND_MM_STAT`
`1115`	`1116`	`do {`
`1116`		`- size_t size = heap->size + pages_count * ZEND_MM_PAGE_SIZE;`
	`1117`	`+ size_t size = heap->size + pages_count * ZEND_MM_PAGE_SIZE;`
`1117`	`1118`	`size_t peak = MAX(heap->peak, size);`
`1118`	`1119`	`heap->size = size;`
`1119`	`1120`	`heap->peak = peak;`
`@@ -1140,7 +1141,7 @@ static zend_always_inline void zend_mm_delete_chunk(zend_mm_heap *heap, zend_mm_`
`1140`	`1141`
`1141`	`1142`	`ZEND_ASAN_POISON_MEMORY_REGION(chunk->next, sizeof(zend_mm_chunk));`
`1142`	`1143`	`ZEND_ASAN_POISON_MEMORY_REGION(chunk->prev, sizeof(zend_mm_chunk));`
`1143`		`-`
	`1144`	`+`
`1144`	`1145`	`heap->chunks_count--;`
`1145`	`1146`	`if (heap->chunks_count + heap->cached_chunks_count < heap->avg_chunks_count + 0.1`
`1146`	`1147`	`\|\| (heap->chunks_count == heap->last_chunks_delete_boundary`
`@@ -1545,6 +1546,7 @@ static zend_always_inline void zend_mm_alloc_heap(zend_mm_heap heap, size_t si`
`1545`	`1546`	`static zend_always_inline void zend_mm_free_heap(zend_mm_heap heap, void ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)`
`1546`	`1547`	`{`
`1547`	`1548`	`printf("Freeing %p\n", ptr);`
	`1549`	`+`
`1548`	`1550`	`size_t page_offset = ZEND_MM_ALIGNED_OFFSET(ptr, ZEND_MM_CHUNK_SIZE);`
`1549`	`1551`
`1550`	`1552`	`if (UNEXPECTED(page_offset == 0)) {`
`@@ -2131,6 +2133,7 @@ ZEND_API size_t zend_mm_gc(zend_mm_heap *heap)`
`2131`	`2133`	`bool has_free_pages;`
`2132`	`2134`	`size_t collected = 0;`
`2133`	`2135`
	`2136`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2134`	`2137`	`#if ZEND_MM_CUSTOM`
`2135`	`2138`	`if (heap->use_custom_heap) {`
`2136`	`2139`	`size_t (*gc)(void) = heap->custom_heap._gc;`
`@@ -2255,6 +2258,7 @@ ZEND_API size_t zend_mm_gc(zend_mm_heap *heap)`
`2255`	`2258`	`}`
`2256`	`2259`	`} while (chunk != heap->main_chunk);`
`2257`	`2260`	`ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));`
	`2261`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2258`	`2262`
`2259`	`2263`	`printf("Done running gc\n");`
`2260`	`2264`	`return collected * ZEND_MM_PAGE_SIZE;`
`@@ -2460,6 +2464,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, bool full, bool silent)`
`2460`	`2464`	`{`
`2461`	`2465`	`zend_mm_chunk *p;`
`2462`	`2466`	`zend_mm_huge_list *list;`
	`2467`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2463`	`2468`
`2464`	`2469`	`#if ZEND_MM_CUSTOM`
`2465`	`2470`	`if (heap->use_custom_heap) {`
`@@ -2486,6 +2491,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, bool full, bool silent)`
`2486`	`2491`	`if (shutdown) {`
`2487`	`2492`	`shutdown(full, silent);`
`2488`	`2493`	`}`
	`2494`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2489`	`2495`
`2490`	`2496`	`return;`
`2491`	`2497`	`}`
`@@ -2592,6 +2598,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, bool full, bool silent)`
`2592`	`2598`	`}`
`2593`	`2599`	`ZEND_ASAN_POISON_MEMORY_REGION(p, sizeof(zend_mm_chunk));`
`2594`	`2600`	`}`
	`2601`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2595`	`2602`	`}`
`2596`	`2603`
`2597`	`2604`	`/**************/`
`@@ -2613,22 +2620,29 @@ ZEND_API void ZEND_FASTCALL _zend_mm_validate(zend_mm_heap *heap)`
`2613`	`2620`
`2614`	`2621`	`ZEND_API void ZEND_FASTCALL zend_mm_validate_fast(zend_mm_heap *heap)`
`2615`	`2622`	`{`
	`2623`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2616`	`2624`	`for (int i = 0; i < 30; i++) {`
`2617`	`2625`	`zend_mm_free_slot *slot = heap->free_slot[i];`
`2618`	`2626`	`if (slot != NULL) {`
`2619`	`2627`	`zend_mm_get_next_free_slot(heap, i, slot);`
`2620`	`2628`	`}`
`2621`	`2629`	`}`
	`2630`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2622`	`2631`	`}`
`2623`	`2632`
`2624`	`2633`	`ZEND_API void* ZEND_FASTCALL _zend_mm_alloc(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)`
`2625`	`2634`	`{`
`2626`		`- return zend_mm_alloc_heap(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);`
	`2635`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
	`2636`	`+ void *ptr = zend_mm_alloc_heap(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);`
	`2637`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
	`2638`	`+ return ptr;`
`2627`	`2639`	`}`
`2628`	`2640`
`2629`	`2641`	`ZEND_API void ZEND_FASTCALL _zend_mm_free(zend_mm_heap heap, void ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)`
`2630`	`2642`	`{`
	`2643`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2631`	`2644`	`zend_mm_free_heap(heap, ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);`
	`2645`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2632`	`2646`	`}`
`2633`	`2647`
`2634`	`2648`	`void* ZEND_FASTCALL _zend_mm_realloc(zend_mm_heap heap, void ptr, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)`
`@@ -2643,19 +2657,24 @@ void* ZEND_FASTCALL _zend_mm_realloc2(zend_mm_heap heap, void ptr, size_t size`
`2643`	`2657`
`2644`	`2658`	`ZEND_API size_t ZEND_FASTCALL _zend_mm_block_size(zend_mm_heap heap, void ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)`
`2645`	`2659`	`{`
	`2660`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2646`	`2661`	`#if ZEND_MM_CUSTOM`
`2647`	`2662`	`if (UNEXPECTED(heap->use_custom_heap)) {`
`2648`	`2663`	`if (heap->custom_heap._malloc == tracked_malloc) {`
`2649`	`2664`	`zend_ulong h = ((uintptr_t) ptr) >> ZEND_MM_ALIGNMENT_LOG2;`
`2650`	`2665`	`zval *size_zv = zend_hash_index_find(heap->tracked_allocs, h);`
`2651`	`2666`	`if (size_zv) {`
	`2667`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2652`	`2668`	`return Z_LVAL_P(size_zv);`
`2653`	`2669`	`}`
`2654`	`2670`	`}`
	`2671`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`2655`	`2672`	`return 0;`
`2656`	`2673`	`}`
`2657`	`2674`	`#endif`
`2658`		`- return zend_mm_size(heap, ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);`
	`2675`	`+ size_t ret = zend_mm_size(heap, ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);`
	`2676`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
	`2677`	`+ return ret;`
`2659`	`2678`	`}`
`2660`	`2679`
`2661`	`2680`	`/**********************/`
`@@ -2834,7 +2853,9 @@ ZEND_API void ZEND_FASTCALL _efree_large(void *ptr, size_t size)`
`2834`	`2853`	`ZEND_MM_ASSERT(ZEND_MM_LRUN_PAGES(chunk->map[page_num]) == pages_count);`
`2835`	`2854`	`ZEND_ASAN_POISON_MEMORY_REGION(chunk, sizeof(zend_mm_chunk));`
`2836`	`2855`
	`2856`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(AG(mm_heap), sizeof(zend_mm_heap));`
`2837`	`2857`	`zend_mm_free_large(AG(mm_heap), chunk, page_num, pages_count);`
	`2858`	`+ ZEND_ASAN_POISON_MEMORY_REGION(AG(mm_heap), sizeof(zend_mm_heap));`
`2838`	`2859`	`}`
`2839`	`2860`	`}`
`2840`	`2861`
`@@ -3219,7 +3240,10 @@ ZEND_API zend_mm_heap *zend_mm_get_heap(void)`
`3219`	`3240`	`ZEND_API bool zend_mm_is_custom_heap(zend_mm_heap *new_heap)`
`3220`	`3241`	`{`
`3221`	`3242`	`#if ZEND_MM_CUSTOM`
`3222`		`- return AG(mm_heap)->use_custom_heap;`
	`3243`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
	`3244`	`+ bool ret = AG(mm_heap)->use_custom_heap;`
	`3245`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
	`3246`	`+ return ret;`
`3223`	`3247`	`#else`
`3224`	`3248`	`return 0;`
`3225`	`3249`	`#endif`
`@@ -3231,7 +3255,9 @@ ZEND_API void zend_mm_set_custom_handlers(zend_mm_heap *heap,`
`3231`	`3255`	`void* (_realloc)(void, size_t ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC))`
`3232`	`3256`	`{`
`3233`	`3257`	`#if ZEND_MM_CUSTOM`
	`3258`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`3234`	`3259`	`zend_mm_set_custom_handlers_ex(heap, _malloc, _free, _realloc, NULL, NULL);`
	`3260`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`3235`	`3261`	`#endif`
`3236`	`3262`	`}`
`3237`	`3263`
`@@ -3243,6 +3269,7 @@ ZEND_API void zend_mm_set_custom_handlers_ex(zend_mm_heap *heap,`
`3243`	`3269`	`void (*_shutdown)(bool, bool))`
`3244`	`3270`	`{`
`3245`	`3271`	`#if ZEND_MM_CUSTOM`
	`3272`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`3246`	`3273`	`zend_mm_heap _heap = (zend_mm_heap)heap;`
`3247`	`3274`
`3248`	`3275`	`if (!_malloc && !_free && !_realloc) {`
`@@ -3255,6 +3282,7 @@ ZEND_API void zend_mm_set_custom_handlers_ex(zend_mm_heap *heap,`
`3255`	`3282`	`_heap->custom_heap._gc = _gc;`
`3256`	`3283`	`_heap->custom_heap._shutdown = _shutdown;`
`3257`	`3284`	`}`
	`3285`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`3258`	`3286`	`#endif`
`3259`	`3287`	`}`
`3260`	`3288`
`@@ -3264,7 +3292,9 @@ ZEND_API void zend_mm_get_custom_handlers(zend_mm_heap *heap,`
`3264`	`3292`	`void* (*_realloc)(void, size_t ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC))`
`3265`	`3293`	`{`
`3266`	`3294`	`#if ZEND_MM_CUSTOM`
	`3295`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`3267`	`3296`	`zend_mm_get_custom_handlers_ex(heap, _malloc, _free, _realloc, NULL, NULL);`
	`3297`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`3268`	`3298`	`#endif`
`3269`	`3299`	`}`
`3270`	`3300`
`@@ -3276,6 +3306,8 @@ ZEND_API void zend_mm_get_custom_handlers_ex(zend_mm_heap *heap,`
`3276`	`3306`	`void (**_shutdown)(bool, bool))`
`3277`	`3307`	`{`
`3278`	`3308`	`#if ZEND_MM_CUSTOM`
	`3309`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(_heap, sizeof(zend_mm_heap));`
	`3310`	`+`
`3279`	`3311`	`zend_mm_heap _heap = (zend_mm_heap)heap;`
`3280`	`3312`
`3281`	`3313`	`if (heap->use_custom_heap) {`
`@@ -3299,6 +3331,7 @@ ZEND_API void zend_mm_get_custom_handlers_ex(zend_mm_heap *heap,`
`3299`	`3331`	`*_shutdown = NULL;`
`3300`	`3332`	`}`
`3301`	`3333`	`}`
	`3334`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
`3302`	`3335`	`#else`
`3303`	`3336`	`*_malloc = NULL;`
`3304`	`3337`	`*_free = NULL;`
`@@ -3311,7 +3344,10 @@ ZEND_API void zend_mm_get_custom_handlers_ex(zend_mm_heap *heap,`
`3311`	`3344`	`ZEND_API zend_mm_storage zend_mm_get_storage(zend_mm_heap heap)`
`3312`	`3345`	`{`
`3313`	`3346`	`#if ZEND_MM_STORAGE`
`3314`		`- return heap->storage;`
	`3347`	`+ ZEND_ASAN_UNPOISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
	`3348`	`+ zend_mm_storage *ret = heap->storage;`
	`3349`	`+ ZEND_ASAN_POISON_MEMORY_REGION(heap, sizeof(zend_mm_heap));`
	`3350`	`+ return ret;`
`3315`	`3351`	`#else`
`3316`	`3352`	`return NULL`
`3317`	`3353`	`#endif`