Review

Author: arnaud-lb

Zend/zend_alloc.c

@@ -149,6 +149,22 @@ static size_t _real_page_size = ZEND_MM_PAGE_SIZE;
 # define ZEND_MM_HEAP_PROTECTION 1 /* protect heap against corruptions       */
 #endif
 
+#if ZEND_MM_HEAP_PROTECTION
+/* Define ZEND_MM_MIN_USEABLE_BIN_SIZE to the size of two pointers */
+# if UINTPTR_MAX == UINT64_MAX
+#  define ZEND_MM_MIN_USEABLE_BIN_SIZE 16
+# elif UINTPTR_MAX == UINT32_MAX
+#  define ZEND_MM_MIN_USEABLE_BIN_SIZE 8
+# else
+#  error
+# endif
+# if ZEND_MM_MIN_USEABLE_BIN_SIZE < ZEND_MM_MIN_SMALL_SIZE
+#  error
+# endif
+#else /* ZEND_MM_HEAP_PROTECTION */
+# define ZEND_MM_MIN_USEABLE_BIN_SIZE ZEND_MM_MIN_SMALL_SIZE
+#endif /* ZEND_MM_HEAP_PROTECTION */
+
 #ifndef ZEND_MM_CHECK
 # define ZEND_MM_CHECK(condition, message)  do { \
 		if (UNEXPECTED(!(condition))) { \
@@ -1336,7 +1352,7 @@ static zend_always_inline zend_mm_free_slot* zend_mm_decode_free_slot(zend_mm_he
 
 static zend_always_inline void zend_mm_set_next_free_slot(zend_mm_heap *heap, uint32_t bin_num, zend_mm_free_slot *slot, zend_mm_free_slot *next)
 {
-	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_SMALL_SIZE);
+	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_USEABLE_BIN_SIZE);
 
 	slot->next_free_slot = next;
 	ZEND_MM_FREE_SLOT_PTR_SHADOW(slot, bin_num) = zend_mm_encode_free_slot(heap, next);
@@ -1419,7 +1435,7 @@ static zend_never_inline void *zend_mm_alloc_small_slow(zend_mm_heap *heap, uint
 
 static zend_always_inline void *zend_mm_alloc_small(zend_mm_heap *heap, int bin_num ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
-	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_SMALL_SIZE);
+	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_USEABLE_BIN_SIZE);
 
 #if ZEND_MM_STAT
 	do {
@@ -1441,7 +1457,7 @@ static zend_always_inline void *zend_mm_alloc_small(zend_mm_heap *heap, int bin_
 
 static zend_always_inline void zend_mm_free_small(zend_mm_heap *heap, void *ptr, int bin_num)
 {
-	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_SMALL_SIZE);
+	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_USEABLE_BIN_SIZE);
 
 	zend_mm_free_slot *p;
 
@@ -1493,8 +1509,8 @@ static zend_always_inline void *zend_mm_alloc_heap(zend_mm_heap *heap, size_t si
 {
 	void *ptr;
 #if ZEND_MM_HEAP_PROTECTION
-	if (size < ZEND_MM_MIN_SMALL_SIZE) {
-		size = ZEND_MM_MIN_SMALL_SIZE;
+	if (size < ZEND_MM_MIN_USEABLE_BIN_SIZE) {
+		size = ZEND_MM_MIN_USEABLE_BIN_SIZE;
 	}
 #endif /* ZEND_MM_HEAP_PROTECTION */
 #if ZEND_DEBUG
@@ -1719,8 +1735,8 @@ static zend_always_inline void *zend_mm_realloc_heap(zend_mm_heap *heap, void *p
 		int page_num = (int)(page_offset / ZEND_MM_PAGE_SIZE);
 		zend_mm_page_info info = chunk->map[page_num];
 #if ZEND_MM_HEAP_PROTECTION
-		if (size < ZEND_MM_MIN_SMALL_SIZE) {
-			size = ZEND_MM_MIN_SMALL_SIZE;
+		if (size < ZEND_MM_MIN_USEABLE_BIN_SIZE) {
+			size = ZEND_MM_MIN_USEABLE_BIN_SIZE;
 		}
 #endif /* ZEND_MM_HEAP_PROTECTION */
 #if ZEND_DEBUG
@@ -2759,14 +2775,16 @@ ZEND_API bool is_zend_ptr(const void *ptr)
 # define ZEND_MM_CUSTOM_DEALLOCATOR(ptr)
 #endif
 
-# define _ZEND_BIN_ALLOCATOR(_num, _size, _elements, _pages, x, y) \
+# define _ZEND_BIN_ALLOCATOR(_num, _size, _elements, _pages, _min_size, y) \
 	ZEND_API void* ZEND_FASTCALL _emalloc_ ## _size(void) { \
-		ZEND_ASSERT(_size >= ZEND_MM_MIN_SMALL_SIZE); \
 		ZEND_MM_CUSTOM_ALLOCATOR(_size); \
+		if (_size < _min_size) { \
+			return _emalloc_ ## _min_size(); \
+		} \
 		return zend_mm_alloc_small(AG(mm_heap), _num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); \
 	}
 
-ZEND_MM_BINS_INFO(_ZEND_BIN_ALLOCATOR, x, y)
+ZEND_MM_BINS_INFO(_ZEND_BIN_ALLOCATOR, ZEND_MM_MIN_USEABLE_BIN_SIZE, y)
 
 ZEND_API void* ZEND_FASTCALL _emalloc_large(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
@@ -2781,10 +2799,13 @@ ZEND_API void* ZEND_FASTCALL _emalloc_huge(size_t size)
 }
 
 #if ZEND_DEBUG
-# define _ZEND_BIN_FREE(_num, _size, _elements, _pages, x, y) \
+# define _ZEND_BIN_FREE(_num, _size, _elements, _pages, _min_size, y) \
 	ZEND_API void ZEND_FASTCALL _efree_ ## _size(void *ptr) { \
-		ZEND_ASSERT(_size >= ZEND_MM_MIN_SMALL_SIZE); \
 		ZEND_MM_CUSTOM_DEALLOCATOR(ptr); \
+		if (_size < _min_size) { \
+			_efree_ ## _min_size(ptr); \
+			return; \
+		} \
 		{ \
 			size_t page_offset = ZEND_MM_ALIGNED_OFFSET(ptr, ZEND_MM_CHUNK_SIZE); \
 			zend_mm_chunk *chunk = (zend_mm_chunk*)ZEND_MM_ALIGNED_BASE(ptr, ZEND_MM_CHUNK_SIZE); \
@@ -2796,10 +2817,13 @@ ZEND_API void* ZEND_FASTCALL _emalloc_huge(size_t size)
 		} \
 	}
 #else
-# define _ZEND_BIN_FREE(_num, _size, _elements, _pages, x, y) \
+# define _ZEND_BIN_FREE(_num, _size, _elements, _pages, _min_size, y) \
 	ZEND_API void ZEND_FASTCALL _efree_ ## _size(void *ptr) { \
-		ZEND_ASSERT(_size >= ZEND_MM_MIN_SMALL_SIZE); \
 		ZEND_MM_CUSTOM_DEALLOCATOR(ptr); \
+		if (_size < _min_size) { \
+			_efree_ ## _min_size(ptr); \
+			return; \
+		} \
 		{ \
 			zend_mm_chunk *chunk = (zend_mm_chunk*)ZEND_MM_ALIGNED_BASE(ptr, ZEND_MM_CHUNK_SIZE); \
 			ZEND_MM_CHECK(chunk->heap == AG(mm_heap), "zend_mm_heap corrupted"); \
@@ -2808,7 +2832,7 @@ ZEND_API void* ZEND_FASTCALL _emalloc_huge(size_t size)
 	}
 #endif
 
-ZEND_MM_BINS_INFO(_ZEND_BIN_FREE, x, y)
+ZEND_MM_BINS_INFO(_ZEND_BIN_FREE, ZEND_MM_MIN_USEABLE_BIN_SIZE, y)
 
 ZEND_API void ZEND_FASTCALL _efree_large(void *ptr, size_t size)
 {

Zend/zend_alloc.h

@@ -90,7 +90,7 @@ ZEND_API ZEND_ATTRIBUTE_MALLOC void* ZEND_FASTCALL _emalloc_large(size_t size) Z
 ZEND_API ZEND_ATTRIBUTE_MALLOC void* ZEND_FASTCALL _emalloc_huge(size_t size) ZEND_ATTRIBUTE_ALLOC_SIZE(1);
 
 # define _ZEND_BIN_ALLOCATOR_SELECTOR_START(_num, _size, _elements, _pages, size, y) \
-	((size <= _size && _size >= ZEND_MM_MIN_SMALL_SIZE) ? _emalloc_ ## _size() :
+	((size <= _size) ? _emalloc_ ## _size() :
 # define _ZEND_BIN_ALLOCATOR_SELECTOR_END(_num, _size, _elements, _pages, size, y) \
 	)
 
@@ -115,7 +115,7 @@ ZEND_API void ZEND_FASTCALL _efree_large(void *, size_t size);
 ZEND_API void ZEND_FASTCALL _efree_huge(void *, size_t size);
 
 # define _ZEND_BIN_DEALLOCATOR_SELECTOR_START(_num, _size, _elements, _pages, ptr, size) \
-	if (size <= _size && _size >= ZEND_MM_MIN_SMALL_SIZE) { _efree_ ## _size(ptr); } else
+	if (size <= _size) { _efree_ ## _size(ptr); } else
 
 # define ZEND_DEALLOCATOR(ptr, size) \
 	ZEND_MM_BINS_INFO(_ZEND_BIN_DEALLOCATOR_SELECTOR_START, ptr, size) \

Zend/zend_alloc_sizes.h

@@ -19,20 +19,12 @@
 #ifndef ZEND_ALLOC_SIZES_H
 #define ZEND_ALLOC_SIZES_H
 
-#ifndef ZEND_MM_HEAP_PROTECTION
-# define ZEND_MM_HEAP_PROTECTION 1 /* protect heap against corruptions       */
-#endif
-
 #define ZEND_MM_CHUNK_SIZE ((size_t) (2 * 1024 * 1024))    /* 2 MB  */
 #define ZEND_MM_PAGE_SIZE  (4 * 1024)                      /* 4 KB  */
 #define ZEND_MM_PAGES      (ZEND_MM_CHUNK_SIZE / ZEND_MM_PAGE_SIZE)  /* 512 */
 #define ZEND_MM_FIRST_PAGE (1)
 
-#if ZEND_MM_HEAP_PROTECTION
-# define ZEND_MM_MIN_SMALL_SIZE     (sizeof(void*) * 2)
-#else
-# define ZEND_MM_MIN_SMALL_SIZE     8
-#endif
+#define ZEND_MM_MIN_SMALL_SIZE      8
 #define ZEND_MM_MAX_SMALL_SIZE      3072
 #define ZEND_MM_MAX_LARGE_SIZE      (ZEND_MM_CHUNK_SIZE - (ZEND_MM_PAGE_SIZE * ZEND_MM_FIRST_PAGE))
 

Zend/zend_portability.h

@@ -269,6 +269,16 @@ char *alloca();
 # define ZEND_ATTRIBUTE_UNUSED
 #endif
 
+#if ZEND_GCC_VERSION >= 3003 || __has_attribute(nonnull)
+/* All pointer arguments must be non-null */
+# define ZEND_ATTRIBUTE_NONNULL  __attribute__((nonnull))
+/* Specified arguments must be non-null (1-based) */
+# define ZEND_ATTRIBUTE_NONNULL_ARGS(...)  __attribute__((nonnull(__VA_ARGS__)))
+#else
+# define ZEND_ATTRIBUTE_NONNULL
+# define ZEND_ATTRIBUTE_NONNULL_ARGS(...)
+#endif
+
 #if defined(__GNUC__) && ZEND_GCC_VERSION >= 4003
 # define ZEND_COLD __attribute__((cold))
 # ifdef __OPTIMIZE__

ext/random/csprng.c

@@ -62,22 +62,17 @@
 # include <sanitizer/msan_interface.h>
 #endif
 
-#define php_random_bytes_error(...) do { \
-		if (errstr) { \
-			snprintf(errstr, errstr_size, __VA_ARGS__); \
-		} \
-	} while (0)
-
 #ifndef PHP_WIN32
 static zend_atomic_int random_fd = ZEND_ATOMIC_INT_INITIALIZER(-1);
 #endif
 
+ZEND_ATTRIBUTE_NONNULL
 PHPAPI zend_result php_random_bytes_ex(void *bytes, size_t size, char *errstr, size_t errstr_size)
 {
 #ifdef PHP_WIN32
 	/* Defer to CryptGenRandom on Windows */
 	if (php_win32_get_random_bytes(bytes, size) == FAILURE) {
-		php_random_bytes_error("Failed to retrieve randomness from the operating system (BCryptGenRandom)");
+		snprintf(errstr, errstr_size, "Failed to retrieve randomness from the operating system (BCryptGenRandom)");
 		return FAILURE;
 	}
 #elif HAVE_COMMONCRYPTO_COMMONRANDOM_H
@@ -88,7 +83,7 @@ PHPAPI zend_result php_random_bytes_ex(void *bytes, size_t size, char *errstr, s
 	 * the vast majority of the time, it works fine ; but better make sure we catch failures
 	 */
 	if (CCRandomGenerateBytes(bytes, size) != kCCSuccess) {
-		php_random_bytes_error("Failed to retrieve randomness from the operating system (CCRandomGenerateBytes)");
+		snprintf(errstr, errstr_size, "Failed to retrieve randomness from the operating system (CCRandomGenerateBytes)");
 		return FAILURE;
 	}
 #elif HAVE_DECL_ARC4RANDOM_BUF && ((defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001 && __NetBSD_Version__ < 1000000000) || \
@@ -162,9 +157,9 @@ PHPAPI zend_result php_random_bytes_ex(void *bytes, size_t size, char *errstr, s
 			fd = open("/dev/urandom", O_RDONLY);
 			if (fd < 0) {
 				if (errno != 0) {
-					php_random_bytes_error("Cannot open /dev/urandom: %s", strerror(errno));
+					snprintf(errstr, errstr_size, "Cannot open /dev/urandom: %s", strerror(errno));
 				} else {
-					php_random_bytes_error("Cannot open /dev/urandom");
+					snprintf(errstr, errstr_size, "Cannot open /dev/urandom");
 				}
 				return FAILURE;
 			}
@@ -180,9 +175,9 @@ PHPAPI zend_result php_random_bytes_ex(void *bytes, size_t size, char *errstr, s
 			) {
 				close(fd);
 				if (errno != 0) {
-					php_random_bytes_error("Error reading from /dev/urandom: %s", strerror(errno));
+					snprintf(errstr, errstr_size, "Error reading from /dev/urandom: %s", strerror(errno));
 				} else {
-					php_random_bytes_error("Error reading from /dev/urandom");
+					snprintf(errstr, errstr_size, "Error reading from /dev/urandom");
 				}
 				return FAILURE;
 			}
@@ -201,9 +196,9 @@ PHPAPI zend_result php_random_bytes_ex(void *bytes, size_t size, char *errstr, s
 
 			if (n <= 0) {
 				if (errno != 0) {
-					php_random_bytes_error("Could not gather sufficient random data: %s", strerror(errno));
+					snprintf(errstr, errstr_size, "Could not gather sufficient random data: %s", strerror(errno));
 				} else {
-					php_random_bytes_error("Could not gather sufficient random data");
+					snprintf(errstr, errstr_size, "Could not gather sufficient random data");
 				}
 				return FAILURE;
 			}
@@ -219,9 +214,7 @@ PHPAPI zend_result php_random_bytes_ex(void *bytes, size_t size, char *errstr, s
 PHPAPI zend_result php_random_bytes(void *bytes, size_t size, bool should_throw)
 {
 	char errstr[128];
-
-	zend_result result = php_random_bytes_ex(bytes, size,
-			should_throw ? errstr : NULL, should_throw ? sizeof(errstr) : 0);
+	zend_result result = php_random_bytes_ex(bytes, size, errstr, sizeof(errstr));
 
 	if (result == FAILURE && should_throw) {
 		zend_throw_exception(random_ce_Random_RandomException, errstr, 0);