zend_alloc.c

Dmitry Stogov Tue, 13 Sep 2011 00:02:35 -0700

dmitry                                   Tue, 13 Sep 2011 07:01:46 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=316590


Log:
Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)

Bug: https://bugs.php.net/55509 (Verified) segfault on x86_64 using more than 
2G memory
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    A   php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt
    U   php/php-src/branches/PHP_5_3/Zend/zend_alloc.c
    A   php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt
    U   php/php-src/branches/PHP_5_4/Zend/zend_alloc.c
    A   php/php-src/trunk/Zend/tests/bug55509.phpt
    U   php/php-src/trunk/Zend/zend_alloc.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-09-13 06:22:25 UTC (rev 316589)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-09-13 07:01:46 UTC (rev 316590)
@@ -8,6 +8,7 @@
   . Fixed bug #55366: keys lost when using substr_replace an array. (Arpad)
   . Fixed bug #55510: $_FILES 'name' missing first character after upload.
     (Arpad)
+  . Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
   . Fixed bug #55576: Cannot conditionally move uploaded file without race
     condition. (Gustavo)
   . Fixed bug #55504 (Content-Type header is not parsed correctly on

Added: php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt                       
        (rev 0)
+++ php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt       2011-09-13 
07:01:46 UTC (rev 316590)
@@ -0,0 +1,33 @@
+--TEST--
+Bug #55509 (segfault on x86_64 using more than 2G memory)
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE == 4) {
+  die('skip Not for 32-bits OS');
+}
+?>
+--INI--
+memory_limit=3G
+--FILE--
+<?php
+$a1 = str_repeat("1", 1024 * 1024 * 1024 * 0.5);
+echo "1\n";
+$a2 = str_repeat("2", 1024 * 1024 * 1024 * 0.5);
+echo "2\n";
+$a3 = str_repeat("3", 1024 * 1024 * 1024 * 0.5);
+echo "3\n";
+$a4 = str_repeat("4", 1024 * 1024 * 1024 * 0.5);
+echo "4\n";
+$a5 = str_repeat("5", 1024 * 1024 * 1024 * 0.5);
+echo "5\n";
+$a6 = str_repeat("6", 1024 * 1024 * 1024 * 0.5);
+echo "6\n";
+?>
+--EXPECTF--
+1
+2
+3
+4
+5
+
+Fatal error: Allowed memory size of %d bytes exhausted (tried to allocate %d 
bytes) in %s/bug55509.php on line %d

Modified: php/php-src/branches/PHP_5_3/Zend/zend_alloc.c
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_alloc.c      2011-09-13 06:22:25 UTC 
(rev 316589)
+++ php/php-src/branches/PHP_5_3/Zend/zend_alloc.c      2011-09-13 07:01:46 UTC 
(rev 316590)
@@ -510,7 +510,7 @@
 #define ZEND_MM_IS_GUARD_BLOCK(b)              (((b)->info._size & 
ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK)

 #define ZEND_MM_NEXT_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
ZEND_MM_BLOCK_SIZE(b))
-#define ZEND_MM_PREV_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
-(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
+#define ZEND_MM_PREV_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
-(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK))

 #define ZEND_MM_PREV_BLOCK_IS_FREE(b)  (!((b)->info._prev & 
ZEND_MM_USED_BLOCK))


Added: php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt                       
        (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt       2011-09-13 
07:01:46 UTC (rev 316590)
@@ -0,0 +1,33 @@
+--TEST--
+Bug #55509 (segfault on x86_64 using more than 2G memory)
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE == 4) {
+  die('skip Not for 32-bits OS');
+}
+?>
+--INI--
+memory_limit=3G
+--FILE--
+<?php
+$a1 = str_repeat("1", 1024 * 1024 * 1024 * 0.5);
+echo "1\n";
+$a2 = str_repeat("2", 1024 * 1024 * 1024 * 0.5);
+echo "2\n";
+$a3 = str_repeat("3", 1024 * 1024 * 1024 * 0.5);
+echo "3\n";
+$a4 = str_repeat("4", 1024 * 1024 * 1024 * 0.5);
+echo "4\n";
+$a5 = str_repeat("5", 1024 * 1024 * 1024 * 0.5);
+echo "5\n";
+$a6 = str_repeat("6", 1024 * 1024 * 1024 * 0.5);
+echo "6\n";
+?>
+--EXPECTF--
+1
+2
+3
+4
+5
+
+Fatal error: Allowed memory size of %d bytes exhausted (tried to allocate %d 
bytes) in %s/bug55509.php on line %d

Modified: php/php-src/branches/PHP_5_4/Zend/zend_alloc.c
===================================================================
--- php/php-src/branches/PHP_5_4/Zend/zend_alloc.c      2011-09-13 06:22:25 UTC 
(rev 316589)
+++ php/php-src/branches/PHP_5_4/Zend/zend_alloc.c      2011-09-13 07:01:46 UTC 
(rev 316590)
@@ -515,7 +515,7 @@
 #define ZEND_MM_IS_GUARD_BLOCK(b)              (((b)->info._size & 
ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK)

 #define ZEND_MM_NEXT_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
ZEND_MM_BLOCK_SIZE(b))
-#define ZEND_MM_PREV_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
-(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
+#define ZEND_MM_PREV_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
-(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK))

 #define ZEND_MM_PREV_BLOCK_IS_FREE(b)  (!((b)->info._prev & 
ZEND_MM_USED_BLOCK))


Added: php/php-src/trunk/Zend/tests/bug55509.phpt
===================================================================
--- php/php-src/trunk/Zend/tests/bug55509.phpt                          (rev 0)
+++ php/php-src/trunk/Zend/tests/bug55509.phpt  2011-09-13 07:01:46 UTC (rev 
316590)
@@ -0,0 +1,33 @@
+--TEST--
+Bug #55509 (segfault on x86_64 using more than 2G memory)
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE == 4) {
+  die('skip Not for 32-bits OS');
+}
+?>
+--INI--
+memory_limit=3G
+--FILE--
+<?php
+$a1 = str_repeat("1", 1024 * 1024 * 1024 * 0.5);
+echo "1\n";
+$a2 = str_repeat("2", 1024 * 1024 * 1024 * 0.5);
+echo "2\n";
+$a3 = str_repeat("3", 1024 * 1024 * 1024 * 0.5);
+echo "3\n";
+$a4 = str_repeat("4", 1024 * 1024 * 1024 * 0.5);
+echo "4\n";
+$a5 = str_repeat("5", 1024 * 1024 * 1024 * 0.5);
+echo "5\n";
+$a6 = str_repeat("6", 1024 * 1024 * 1024 * 0.5);
+echo "6\n";
+?>
+--EXPECTF--
+1
+2
+3
+4
+5
+
+Fatal error: Allowed memory size of %d bytes exhausted (tried to allocate %d 
bytes) in %s/bug55509.php on line %d

Modified: php/php-src/trunk/Zend/zend_alloc.c
===================================================================
--- php/php-src/trunk/Zend/zend_alloc.c 2011-09-13 06:22:25 UTC (rev 316589)
+++ php/php-src/trunk/Zend/zend_alloc.c 2011-09-13 07:01:46 UTC (rev 316590)
@@ -515,7 +515,7 @@
 #define ZEND_MM_IS_GUARD_BLOCK(b)              (((b)->info._size & 
ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK)

 #define ZEND_MM_NEXT_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
ZEND_MM_BLOCK_SIZE(b))
-#define ZEND_MM_PREV_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
-(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
+#define ZEND_MM_PREV_BLOCK(b)                  ZEND_MM_BLOCK_AT(b, 
-(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK))

 #define ZEND_MM_PREV_BLOCK_IS_FREE(b)  (!((b)->info._prev & 
ZEND_MM_USED_BLOCK))

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug55509.phpt branches/PHP_5_3/Zend/zend_alloc.c branches/PHP_5_4/Zend/tests/bug55509.phpt branches/PHP_5_4/Zend/zend_alloc.c trunk/Zend/tests/bug55509.phpt trunk/Zend/zend_alloc.c

Reply via email to