Fixed bug #47596 (Bus error on parsing file)

diff --git a/NEWS b/NEWS
index 4d48cd9682fab7501281c136d42c39385c84e15d..b5b2d12dc703fcb2f594395425f68903cf15becc 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,7 @@ PHP                                                                        NEWS
 - Fixed bug #47714 (autoloading classes inside exception_handler leads to
   crashes). (Dmitry)
 - Fixed bug #47699 (autoload and late static binding). (Dmitry)
+- Fixed bug #47596 (Bus error on parsing file). (Dmitry)
 - Fixed bug #47516 (nowdoc can not be embed in heredoc but can be embed in
   double quote). (Dmitry)
 - Fixed bug #47038 (Memory leak in include). (Dmitry)

diff --git a/Zend/tests/bug47596.phpt b/Zend/tests/bug47596.phpt
new file mode 100644 (file)
index 0000000..1fcba21
--- /dev/null
+++ b/Zend/tests/bug47596.phpt
@@ -0,0 +1,63 @@
+--TEST--
+Bug #47596 (Bus error on parsing file, when file size is equal to page size)
+--FILE--
+<?php
+echo "ok\n";
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comm
+?>
+--EXPECT--
+ok

diff --git a/Zend/zend_stream.c b/Zend/zend_stream.c
index 1b63daafd6d25e7a0247dbd6ffbfb66ae8f2008e..de054bb0727fbdd8ec0267a18bf6d88b23b2c5c4 100644 (file)
--- a/Zend/zend_stream.c
+++ b/Zend/zend_stream.c
@@ -29,6 +29,9 @@
 #include <sys/stat.h>
 #if HAVE_SYS_MMAN_H
 # include <sys/mman.h>
+# ifndef PAGE_SIZE
+#  define PAGE_SIZE 4096
+# endif
 #endif
 
 ZEND_DLIMPORT int isatty(int fd);
@@ -212,7 +215,9 @@ ZEND_API int zend_stream_fixup(zend_file_handle *file_handle, char **buf, size_t
 
        if (old_type == ZEND_HANDLE_FP && !file_handle->handle.stream.isatty && size) {
 #if HAVE_MMAP
-               if (file_handle->handle.fp) {
+               if (file_handle->handle.fp &&
+                   size != 0 &&
+                   ((size - 1) % PAGE_SIZE) <= PAGE_SIZE - ZEND_MMAP_AHEAD) {
                        /*  *buf[size] is zeroed automatically by the kernel */
                        *buf = mmap(0, size + ZEND_MMAP_AHEAD, PROT_READ, MAP_PRIVATE, fileno(file_handle->handle.fp), 0);
                        if (*buf != MAP_FAILED) {