dmitry Tue, 13 Sep 2011 07:01:46 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=316590
Log: Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence) Bug: https://bugs.php.net/55509 (Verified) segfault on x86_64 using more than 2G memory Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt U php/php-src/branches/PHP_5_3/Zend/zend_alloc.c A php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt U php/php-src/branches/PHP_5_4/Zend/zend_alloc.c A php/php-src/trunk/Zend/tests/bug55509.phpt U php/php-src/trunk/Zend/zend_alloc.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-09-13 06:22:25 UTC (rev 316589) +++ php/php-src/branches/PHP_5_3/NEWS 2011-09-13 07:01:46 UTC (rev 316590) @@ -8,6 +8,7 @@ . Fixed bug #55366: keys lost when using substr_replace an array. (Arpad) . Fixed bug #55510: $_FILES 'name' missing first character after upload. (Arpad) + . Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence) . Fixed bug #55576: Cannot conditionally move uploaded file without race condition. (Gustavo) . Fixed bug #55504 (Content-Type header is not parsed correctly on Added: php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt =================================================================== --- php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug55509.phpt 2011-09-13 07:01:46 UTC (rev 316590) @@ -0,0 +1,33 @@ +--TEST-- +Bug #55509 (segfault on x86_64 using more than 2G memory) +--SKIPIF-- +<?php +if (PHP_INT_SIZE == 4) { + die('skip Not for 32-bits OS'); +} +?> +--INI-- +memory_limit=3G +--FILE-- +<?php +$a1 = str_repeat("1", 1024 * 1024 * 1024 * 0.5); +echo "1\n"; +$a2 = str_repeat("2", 1024 * 1024 * 1024 * 0.5); +echo "2\n"; +$a3 = str_repeat("3", 1024 * 1024 * 1024 * 0.5); +echo "3\n"; +$a4 = str_repeat("4", 1024 * 1024 * 1024 * 0.5); +echo "4\n"; +$a5 = str_repeat("5", 1024 * 1024 * 1024 * 0.5); +echo "5\n"; +$a6 = str_repeat("6", 1024 * 1024 * 1024 * 0.5); +echo "6\n"; +?> +--EXPECTF-- +1 +2 +3 +4 +5 + +Fatal error: Allowed memory size of %d bytes exhausted (tried to allocate %d bytes) in %s/bug55509.php on line %d Modified: php/php-src/branches/PHP_5_3/Zend/zend_alloc.c =================================================================== --- php/php-src/branches/PHP_5_3/Zend/zend_alloc.c 2011-09-13 06:22:25 UTC (rev 316589) +++ php/php-src/branches/PHP_5_3/Zend/zend_alloc.c 2011-09-13 07:01:46 UTC (rev 316590) @@ -510,7 +510,7 @@ #define ZEND_MM_IS_GUARD_BLOCK(b) (((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK) #define ZEND_MM_NEXT_BLOCK(b) ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b)) -#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) +#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) #define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & ZEND_MM_USED_BLOCK)) Added: php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt =================================================================== --- php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/Zend/tests/bug55509.phpt 2011-09-13 07:01:46 UTC (rev 316590) @@ -0,0 +1,33 @@ +--TEST-- +Bug #55509 (segfault on x86_64 using more than 2G memory) +--SKIPIF-- +<?php +if (PHP_INT_SIZE == 4) { + die('skip Not for 32-bits OS'); +} +?> +--INI-- +memory_limit=3G +--FILE-- +<?php +$a1 = str_repeat("1", 1024 * 1024 * 1024 * 0.5); +echo "1\n"; +$a2 = str_repeat("2", 1024 * 1024 * 1024 * 0.5); +echo "2\n"; +$a3 = str_repeat("3", 1024 * 1024 * 1024 * 0.5); +echo "3\n"; +$a4 = str_repeat("4", 1024 * 1024 * 1024 * 0.5); +echo "4\n"; +$a5 = str_repeat("5", 1024 * 1024 * 1024 * 0.5); +echo "5\n"; +$a6 = str_repeat("6", 1024 * 1024 * 1024 * 0.5); +echo "6\n"; +?> +--EXPECTF-- +1 +2 +3 +4 +5 + +Fatal error: Allowed memory size of %d bytes exhausted (tried to allocate %d bytes) in %s/bug55509.php on line %d Modified: php/php-src/branches/PHP_5_4/Zend/zend_alloc.c =================================================================== --- php/php-src/branches/PHP_5_4/Zend/zend_alloc.c 2011-09-13 06:22:25 UTC (rev 316589) +++ php/php-src/branches/PHP_5_4/Zend/zend_alloc.c 2011-09-13 07:01:46 UTC (rev 316590) @@ -515,7 +515,7 @@ #define ZEND_MM_IS_GUARD_BLOCK(b) (((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK) #define ZEND_MM_NEXT_BLOCK(b) ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b)) -#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) +#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) #define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & ZEND_MM_USED_BLOCK)) Added: php/php-src/trunk/Zend/tests/bug55509.phpt =================================================================== --- php/php-src/trunk/Zend/tests/bug55509.phpt (rev 0) +++ php/php-src/trunk/Zend/tests/bug55509.phpt 2011-09-13 07:01:46 UTC (rev 316590) @@ -0,0 +1,33 @@ +--TEST-- +Bug #55509 (segfault on x86_64 using more than 2G memory) +--SKIPIF-- +<?php +if (PHP_INT_SIZE == 4) { + die('skip Not for 32-bits OS'); +} +?> +--INI-- +memory_limit=3G +--FILE-- +<?php +$a1 = str_repeat("1", 1024 * 1024 * 1024 * 0.5); +echo "1\n"; +$a2 = str_repeat("2", 1024 * 1024 * 1024 * 0.5); +echo "2\n"; +$a3 = str_repeat("3", 1024 * 1024 * 1024 * 0.5); +echo "3\n"; +$a4 = str_repeat("4", 1024 * 1024 * 1024 * 0.5); +echo "4\n"; +$a5 = str_repeat("5", 1024 * 1024 * 1024 * 0.5); +echo "5\n"; +$a6 = str_repeat("6", 1024 * 1024 * 1024 * 0.5); +echo "6\n"; +?> +--EXPECTF-- +1 +2 +3 +4 +5 + +Fatal error: Allowed memory size of %d bytes exhausted (tried to allocate %d bytes) in %s/bug55509.php on line %d Modified: php/php-src/trunk/Zend/zend_alloc.c =================================================================== --- php/php-src/trunk/Zend/zend_alloc.c 2011-09-13 06:22:25 UTC (rev 316589) +++ php/php-src/trunk/Zend/zend_alloc.c 2011-09-13 07:01:46 UTC (rev 316590) @@ -515,7 +515,7 @@ #define ZEND_MM_IS_GUARD_BLOCK(b) (((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK) #define ZEND_MM_NEXT_BLOCK(b) ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b)) -#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) +#define ZEND_MM_PREV_BLOCK(b) ZEND_MM_BLOCK_AT(b, -(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK)) #define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & ZEND_MM_USED_BLOCK))
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php