- Core:
. Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)
-- GD
+- GD:
. Made fontFetch's path parser thread-safe. (Sara)
+- GMP:
+ . Fixed bug #67917 (Using GMP objects with overloaded operators can cause
+ memory exhaustion). (Nikita Popov)
+
- MySQLi:
. Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)
-- OpenSSL
- . Fixed bug #67850 (extension won't build if openssl compiled without SSLv3)
+- OpenSSL:
+ . Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).
(Daniel Lowrey)
28 Aug 2014, PHP 5.6.0
--- /dev/null
+--TEST--
+Bug #67917: Using GMP objects with overloaded operators can cause memory exhaustion
+--FILE--
+<?php
+
+$mem1 = memory_get_usage();
+for ($i = 0; $i < 1000; $i++) {
+ $gmp = gmp_init(42);
+ $gmp <<= 1;
+}
+$mem2 = memory_get_usage();
+
+var_dump($mem2 - $mem1 < 100000);
+
+?>
+--EXPECT--
+bool(true)
gmp_zval_unary_op(result, op1, op TSRMLS_CC); \
return SUCCESS;
-static int gmp_do_operation(zend_uchar opcode, zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */
+static int gmp_do_operation_ex(zend_uchar opcode, zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */
{
switch (opcode) {
case ZEND_ADD:
}
/* }}} */
+static int gmp_do_operation(zend_uchar opcode, zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */
+{
+ zval op1_copy;
+ int retval;
+
+ if (result == op1) {
+ ZVAL_COPY_VALUE(&op1_copy, op1);
+ op1 = &op1_copy;
+ }
+
+ retval = gmp_do_operation_ex(opcode, result, op1, op2 TSRMLS_CC);
+
+ if (retval == SUCCESS && op1 == &op1_copy) {
+ zval_dtor(op1);
+ }
+
+ return retval;
+}
+/* }}} */
+
static int gmp_compare(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ */
{
gmp_cmp(result, op1, op2 TSRMLS_CC);
projects / php / commitdiff