From: Dmitry Stogov Date: Fri, 23 Mar 2007 07:59:26 +0000 (+0000) Subject: Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony) X-Git-Tag: php-5.2.2RC1~107 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2dd2ac6d50c9091daa7bbf1e50a8e50b82e3f853;p=php Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony) --- diff --git a/NEWS b/NEWS index c2bc14c9bc..229976b169 100644 --- a/NEWS +++ b/NEWS @@ -9,8 +9,10 @@ PHP NEWS - Upgraded SQLite 3 to version 3.3.13 (Ilia) - Upgraded PCRE to version 7.0 (Nuno) - Updated timezone database to version 2007.3. (Derick) -- Improved Zend Memory Manager to guarantee reasonable time for worst cases - of best-fit free block searching algorithm. (Dmitry) +- Improved Zend Memory Manager + . guarantee of reasonable time for worst cases of best-fit free block + searching algorithm. (Dmitry) + . better cache usage and less fragmentation on erealloc() (Tony, Dmitry) - Improved SPL (Marcus) . Added SplFileInfo::getBasename(), DirectoryIterator::getBasename(). . Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath(). @@ -33,6 +35,7 @@ PHP NEWS - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry) - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek) - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) +- Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony) - Fixed bug #40872 (inconsistency in offsetSet, offsetExists treatment of string enclosed integers). (Marcus) - Fixed bug #40861 (Multiple +/- on relative units breaks strtotime()). (Ilia) diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 9fdc212b03..9515cd4a1a 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c 
@@ -1969,6 +1969,50 @@ static void *_zend_mm_realloc_int(zend_mm_heap *heap, void *p, size_t size ZEND_ return p; } +#if ZEND_MM_CACHE + if (ZEND_MM_SMALL_SIZE(true_size)) { + size_t index = ZEND_MM_BUCKET_INDEX(true_size); + + if (heap->cache[index] != NULL) { + zend_mm_free_block *best_fit; + zend_mm_free_block **cache; + +#if ZEND_MM_CACHE_STAT + heap->cache_stat[index].count--; + heap->cache_stat[index].hit++; +#endif + best_fit = heap->cache[index]; + heap->cache[index] = best_fit->prev_free_block; + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); + + ptr = ZEND_MM_DATA_OF(best_fit); + +#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); +#else + memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); +#endif + + heap->cached -= true_size - orig_size; + + index = ZEND_MM_BUCKET_INDEX(orig_size); + cache = &heap->cache[index]; + + ((zend_mm_free_block*)mm_block)->prev_free_block = *cache; + *cache = (zend_mm_free_block*)mm_block; + ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED); +#if ZEND_MM_CACHE_STAT + if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) { + heap->cache_stat[index].max_count = heap->cache_stat[index].count; + } +#endif + + return ptr; + } + } +#endif + next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size); if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
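Review bot: In the first NEWS hunk, the two new sub-items under "Improved Zend Memory Manager" start in lower case (". guarantee of reasonable time", ". better cache usage"), while the sub-items of the SPL entry directly below are capitalised sentences (". Added SplFileInfo::getBasename()"). Match the existing style. Separately, the subject line names only bug #40883 and mysql_query(), so a sentence in the commit message on how the Zend/zend_alloc.c change relates to that bug would help anyone reading the history later.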
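Review bot: In the Zend/zend_alloc.c hunk, the new cache path depends on `orig_size` being smaller than `true_size`, and nothing inside the added block checks or documents that. The destination `best_fit` comes from the bucket for `true_size`, but the copy length is taken from the old block (`mm_block->debug.size` or `orig_size - ZEND_MM_ALIGNED_HEADER_SIZE`), and the old block is then pushed into `heap->cache[ZEND_MM_BUCKET_INDEX(orig_size)]` with only `true_size` having passed `ZEND_MM_SMALL_SIZE()`. If the `return p;` path just above this block already guarantees the request is growing, state that in a comment at the top of the `#if ZEND_MM_CACHE` section, or add a debug-only assertion on `ZEND_MM_SMALL_SIZE(orig_size)`, so that a later change to the shrink path cannot turn this into an out-of-bounds copy or cache index.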