From: Dmitry Stogov <dmitry@php.net>
Date: Thu, 26 Mar 2009 17:29:01 +0000 (+0000)
Subject: Fixed bug #47596 (Bus error on parsing file)
X-Git-Tag: php-5.4.0alpha1~191^2~4048
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2771eb928ec95dad5cee47a1e241656cb1f2843d;p=php

Fixed bug #47596 (Bus error on parsing file)
---

diff --git a/Zend/tests/bug47596.phpt b/Zend/tests/bug47596.phpt
new file mode 100644
index 0000000000..1fcba21ec3
--- /dev/null
+++ b/Zend/tests/bug47596.phpt
@@ -0,0 +1,63 @@
+--TEST--
+Bug #47596 (Bus error on parsing file, when file size is equal to page size)
+--FILE--
+<?php
+echo "ok\n";
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comm
+?>
+--EXPECT--
+ok
diff --git a/Zend/zend_stream.c b/Zend/zend_stream.c
index 30bcda4765..6cbfe87c1a 100644
--- a/Zend/zend_stream.c
+++ b/Zend/zend_stream.c
@@ -29,6 +29,9 @@
 #include <sys/stat.h>
 #if HAVE_SYS_MMAN_H
 # include <sys/mman.h>
+# ifndef PAGE_SIZE
+#  define PAGE_SIZE 4096
+# endif
 #endif
 
 ZEND_DLIMPORT int isatty(int fd);
@@ -217,7 +220,9 @@ ZEND_API int zend_stream_fixup(zend_file_handle *file_handle, char **buf, size_t
 
 	if (old_type == ZEND_HANDLE_FP && !file_handle->handle.stream.isatty && size) {
 #if HAVE_MMAP
-		if (file_handle->handle.fp) {
+		if (file_handle->handle.fp &&
+		    size != 0 &&
+		    ((size - 1) % PAGE_SIZE) <= PAGE_SIZE - ZEND_MMAP_AHEAD) {
 			/*  *buf[size] is zeroed automatically by the kernel */
 			*buf = mmap(0, size + ZEND_MMAP_AHEAD, PROT_READ, MAP_PRIVATE, fileno(file_handle->handle.fp), 0);
 			if (*buf != MAP_FAILED) {