- Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser)
+ . Fixed bug #78620 (Out of memory error). (cmb, Nikita)
- Exif:
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
* We allocate them with 2MB size granularity, to avoid many
* reallocations when they are extended by small pieces
*/
- size_t new_size = ZEND_MM_ALIGNED_SIZE_EX(size, MAX(REAL_PAGE_SIZE, ZEND_MM_CHUNK_SIZE));
+ size_t alignment = MAX(REAL_PAGE_SIZE, ZEND_MM_CHUNK_SIZE);
#else
- size_t new_size = ZEND_MM_ALIGNED_SIZE_EX(size, REAL_PAGE_SIZE);
+ size_t alignment = REAL_PAGE_SIZE;
#endif
+ size_t new_size = ZEND_MM_ALIGNED_SIZE_EX(size, alignment);
void *ptr;
+ if (UNEXPECTED(new_size < size)) {
+ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu + %zu)", size, alignment);
+ }
+
#if ZEND_MM_LIMIT
if (UNEXPECTED(new_size > heap->limit - heap->real_size)) {
if (zend_mm_gc(heap) && new_size <= heap->limit - heap->real_size) {
No overflow should occur during the memory_limit check for wordwrap()
--SKIPIF--
<?php
+if (substr(PHP_OS, 0, 3) == 'WIN' && PHP_INT_SIZE == 4) die("skip this test is not for 32bit Windows platforms");
if (getenv("USE_ZEND_ALLOC") === "0") die("skip Zend MM disabled");
?>
--INI--
--- /dev/null
+--TEST--
+No overflow should occur during the memory_limit check for wordwrap()
+--SKIPIF--
+<?php
+if (substr(PHP_OS, 0, 3) != 'WIN' || PHP_INT_SIZE != 4) die("skip this test is for 32bit Windows platforms only");
+if (getenv("USE_ZEND_ALLOC") === "0") die("skip Zend MM disabled");
+?>
+--INI--
+memory_limit=128M
+--FILE--
+<?php
+
+$str = str_repeat('x', 65534);
+$str2 = str_repeat('x', 65535);
+wordwrap($str, 1, $str2);
+
+?>
+--EXPECTF--
+Fatal error: Possible integer overflow in memory allocation (4294901777 + %d) in %s on line %d
projects / php / commitdiff