From f2b7adffb50e2ec8d2dbdd332c95aa6a141ab21b Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Thu, 26 Mar 2009 17:28:49 +0000
Subject: [PATCH] Fixed bug #47596 (Bus error on parsing file)

---
 NEWS                     |  1 +
 Zend/tests/bug47596.phpt | 63 ++++++++++++++++++++++++++++++++++++++++
 Zend/zend_stream.c       |  7 ++++-
 3 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 Zend/tests/bug47596.phpt

diff --git a/NEWS b/NEWS
index 4d48cd9682..b5b2d12dc7 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,7 @@ PHP                                                                        NEWS
 - Fixed bug #47714 (autoloading classes inside exception_handler leads to
   crashes). (Dmitry)
 - Fixed bug #47699 (autoload and late static binding). (Dmitry)
+- Fixed bug #47596 (Bus error on parsing file). (Dmitry)
 - Fixed bug #47516 (nowdoc can not be embed in heredoc but can be embed in
   double quote). (Dmitry)
 - Fixed bug #47038 (Memory leak in include). (Dmitry)
diff --git a/Zend/tests/bug47596.phpt b/Zend/tests/bug47596.phpt
new file mode 100644
index 0000000000..1fcba21ec3
--- /dev/null
+++ b/Zend/tests/bug47596.phpt
@@ -0,0 +1,63 @@
+--TEST--
+Bug #47596 (Bus error on parsing file, when file size is equal to page size)
+--FILE--
+<?php
+echo "ok\n";
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comment comment comment comment comment comment comment
+// comment comment comm
+?>
+--EXPECT--
+ok
diff --git a/Zend/zend_stream.c b/Zend/zend_stream.c
index 1b63daafd6..de054bb072 100644
--- a/Zend/zend_stream.c
+++ b/Zend/zend_stream.c
@@ -29,6 +29,9 @@
 #include <sys/stat.h>
 #if HAVE_SYS_MMAN_H
 # include <sys/mman.h>
+# ifndef PAGE_SIZE
+#  define PAGE_SIZE 4096
+# endif
 #endif
 
 ZEND_DLIMPORT int isatty(int fd);
@@ -212,7 +215,9 @@ ZEND_API int zend_stream_fixup(zend_file_handle *file_handle, char **buf, size_t
 
 	if (old_type == ZEND_HANDLE_FP && !file_handle->handle.stream.isatty && size) {
 #if HAVE_MMAP
-		if (file_handle->handle.fp) {
+		if (file_handle->handle.fp &&
+		    size != 0 &&
+		    ((size - 1) % PAGE_SIZE) <= PAGE_SIZE - ZEND_MMAP_AHEAD) {
 			/*  *buf[size] is zeroed automatically by the kernel */
 			*buf = mmap(0, size + ZEND_MMAP_AHEAD, PROT_READ, MAP_PRIVATE, fileno(file_handle->handle.fp), 0);
 			if (*buf != MAP_FAILED) {
-- 
2.40.0