|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2017-01-14 18:00 UTC] cmb@php.net
[2017-01-14 18:29 UTC] dev at pp3345 dot net
[2020-10-19 16:01 UTC] cmb@php.net
-Status: Open
+Status: Duplicate
-Assigned To:
+Assigned To: cmb
[2020-10-19 16:01 UTC] cmb@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 14:01:29 2024 UTC |
Description: ------------ According to `man realloc`, realloc() may return NULL if a valid pointer and size=0 is passed, e. g. realloc(<ptr>, 0) is the same as free(<ptr>). However, __zend_realloc always interprets NULL as OOM and therefore bails out when trying to reallocate a pointer to size 0. For example, mysqlnd sometimes calls erealloc(<ptr>, 0), which will crash PHP when running with USE_ZEND_ALLOC=0. From zend_alloc.c, lines 2834 - 2841: ZEND_API void * __zend_realloc(void *p, size_t len) { p = realloc(p, len); if (EXPECTED(p)) { return p; } zend_out_of_memory(); } It should probably be something like if (EXPECTED(p) || !len).