Patch APC-3.1.14-check-memory-allocations.patch for APC Bug #64064Patch version 2013-01-24 14:25 UTC Return to Bug #64064 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions:Developer: iliya@polihronov.com
diff -Naur APC-3.1.14.orig//apc_compile.c APC-3.1.14//apc_compile.c
--- APC-3.1.14.orig//apc_compile.c 2013-01-03 02:11:59.000000000 +0000
+++ APC-3.1.14//apc_compile.c 2013-01-24 14:14:34.000000000 +0000
@@ -1207,8 +1207,9 @@
 if (src->literals) {
 zend_literal *p, *q, *end;
+ CHECK(dst->literals = (zend_literal*) apc_pool_alloc(pool, (sizeof(zend_literal) * src->last_literal)));
+ p = dst->literals;
 q = src->literals;
- p = dst->literals = (zend_literal*) apc_pool_alloc(pool, (sizeof(zend_literal) * src->last_literal));
 end = p + src->last_literal;
 while (p < end) {
 *p = *q;
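Review bot: The added `CHECK(dst->literals = ...)` passes a bare assignment to the macro, whereas the calls already in this file, visible as context in the APC_COPY_TRAIT_METHOD_FOR_EXEC hunk, use the double-parenthesised form `CHECK((dst->method_name = ...))`. Writing the new calls the same way, `CHECK((dst->literals = (zend_literal*) apc_pool_alloc(pool, (sizeof(zend_literal) * src->last_literal))));`, keeps the file consistent and marks the assignment as intentional; this applies to every CHECK the patch wraps around an assignment. CHECK is defined outside this diff and presumably returns from the enclosing function, so a one-line comment here such as `/* CHECK returns early when the pool allocation fails */` would make the hidden exit visible. The enclosing block continues past the end of the hunk.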
@@ -1361,40 +1362,44 @@
 /* This code breaks apc's rule#1 - cache what you compile */
 if((APCG(fpstat)==0) && APCG(canonicalize)) {
 /* not pool allocated, because the pool allocations eat up shm space */
- fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC);
 #ifdef ZEND_ENGINE_2_4
 if((zo->opcode == ZEND_INCLUDE_OR_EVAL) && (zo->op1_type == IS_CONST && Z_TYPE_P(zo->op1.zv) == IS_STRING)) {
 /* constant includes */
 if(!IS_ABSOLUTE_PATH(Z_STRVAL_P(zo->op1.zv),Z_STRLEN_P(zo->op1.zv))) {
+ fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC);
 if (apc_search_paths(Z_STRVAL_P(zo->op1.zv), PG(include_path), fileinfo TSRMLS_CC) == 0) {
 #else
 if((zo->opcode == ZEND_INCLUDE_OR_EVAL) && (zo->op1.op_type == IS_CONST && zo->op1.u.constant.type == IS_STRING)) {
 /* constant includes */
 if(!IS_ABSOLUTE_PATH(Z_STRVAL_P(&zo->op1.u.constant),Z_STRLEN_P(&zo->op1.u.constant))) {
+ fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC);
 if (apc_search_paths(Z_STRVAL_P(&zo->op1.u.constant), PG(include_path), fileinfo TSRMLS_CC) == 0) {
 #endif
- if((fullpath = realpath(fileinfo->fullpath, canon_path))) {
+ fullpath = realpath(fileinfo->fullpath, canon_path);
+ apc_php_free(fileinfo TSRMLS_CC);
+ if(fullpath) {
 /* everything has to go through a realpath() */
 zend_op *dzo = &(dst->opcodes[i]);
 #ifdef ZEND_ENGINE_2_4
- dzo->op1.literal = (zend_literal*) apc_pool_alloc(pool, sizeof(zend_literal));
+ CHECK(dzo->op1.literal = (zend_literal*) apc_pool_alloc(pool, sizeof(zend_literal)));
 Z_STRLEN_P(dzo->op1.zv) = strlen(fullpath);
- Z_STRVAL_P(dzo->op1.zv) = apc_pstrdup(fullpath, pool TSRMLS_CC);
+ CHECK(Z_STRVAL_P(dzo->op1.zv) = apc_pstrdup(fullpath, pool TSRMLS_CC));
 Z_TYPE_P(dzo->op1.zv) = IS_STRING;
 Z_SET_REFCOUNT_P(dzo->op1.zv, 2);
 Z_SET_ISREF_P(dzo->op1.zv);
 dzo->op1.literal->hash_value = zend_hash_func(Z_STRVAL_P(dzo->op1.zv), Z_STRLEN_P(dzo->op1.zv)+1);
 #else
 dzo->op1.u.constant.value.str.len = strlen(fullpath);
- dzo->op1.u.constant.value.str.val = apc_pstrdup(fullpath, pool TSRMLS_CC);
+ CHECK(dzo->op1.u.constant.value.str.val = apc_pstrdup(fullpath, pool TSRMLS_CC));
 #endif
 }
- }
+ } else {
+ apc_php_free(fileinfo TSRMLS_CC);
+ }
 }
 }
- apc_php_free(fileinfo TSRMLS_CC);
 }
 }
@@ -1853,9 +1858,9 @@
 memcpy(dst, src, sizeof(src[0]));
 dst->static_variables = my_copy_static_variables(src, ctxt TSRMLS_CC);
- dst->refcount = apc_pmemcpy(src->refcount,
+ CHECK(dst->refcount = apc_pmemcpy(src->refcount,
 sizeof(src->refcount[0]),
- ctxt->pool TSRMLS_CC);
+ ctxt->pool TSRMLS_CC));
 my_prepare_op_array_for_execution(dst,src, ctxt TSRMLS_CC);
@@ -1879,7 +1884,10 @@
 dst = (zend_function*) emalloc(sizeof(src[0]));
 memcpy(dst, src, sizeof(src[0]));
- apc_copy_op_array_for_execution(&(dst->op_array), &(src->op_array), ctxt TSRMLS_CC);
+ if (apc_copy_op_array_for_execution(&(dst->op_array), &(src->op_array), ctxt TSRMLS_CC) == NULL) {
+ efree(dst);
+ return NULL;
+ }
 return dst;
 }
 /* }}} */
@@ -1913,6 +1921,7 @@
 int i;
 #endif
 zend_class_entry* dst = (zend_class_entry*) apc_pool_alloc(ctxt->pool, sizeof(src[0]));
+ CHECK(dst);
 memcpy(dst, src, sizeof(src[0]));
 if(src->num_interfaces)
@@ -1931,7 +1940,7 @@
 /* Deep-copy the class properties, because they will be modified */
 #ifdef ZEND_ENGINE_2_4
- dst->name = apc_string_pmemcpy((char*)src->name, src->name_length+1, ctxt->pool TSRMLS_CC);
+ CHECK(dst->name = apc_string_pmemcpy((char*)src->name, src->name_length+1, ctxt->pool TSRMLS_CC));
 dst->default_properties_count = src->default_properties_count;
 if (src->default_properties_count) {
 dst->default_properties_table = (zval**) apc_php_malloc((sizeof(zval*) * src->default_properties_count) TSRMLS_CC);
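Review bot: Both added `fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC);` lines in the @@ -1361 hunk pass the result straight to apc_search_paths(), and `fileinfo->fullpath` is then read by realpath(), without a NULL test, although the rest of the hunk wraps its allocations in CHECK. apc_php_malloc is defined outside the diff, so it may never return NULL; if it can, wrap these two the same way, `CHECK(fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC));`, otherwise a short comment saying it cannot fail would settle the question. The same unchecked call appears as context in the @@ -1931 hunk (`dst->default_properties_table = (zval**) apc_php_malloc(...)`). The enclosing loop and function start and end outside this hunk.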
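Review bot: In the @@ -1853 hunk, `dst->static_variables = my_copy_static_variables(src, ctxt TSRMLS_CC);` still runs before the new `CHECK(dst->refcount = ...)`, so when the CHECK exits early the copied static variables stay attached to a `dst` that the caller in the next hunk simply releases with `efree(dst)`. If my_copy_static_variables allocates outside the pool (its body is not in this diff), that memory is leaked on the failure path. Doing the refcount copy first, that is, moving the `CHECK(dst->refcount = apc_pmemcpy(...))` statement above the static_variables line, avoids leaving a half-built op_array behind. The function starts and ends outside the hunk.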
@@ -2443,7 +2452,8 @@
 }
 #define APC_COPY_TRAIT_METHOD_FOR_EXEC(dst, src) \
- dst = (zend_trait_method_reference *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_method_reference)); \
+ CHECK(dst = \
+ (zend_trait_method_reference *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_method_reference))); \
 memcpy(dst, src, sizeof(zend_trait_method_reference)); \
 if (src->method_name) { \
 CHECK((dst->method_name = apc_pstrdup(src->method_name, ctxt->pool TSRMLS_CC))); \
@@ -2453,7 +2463,7 @@
 CHECK((dst->class_name = apc_pstrdup(src->class_name, ctxt->pool TSRMLS_CC))); \
 } \
 if (src->ce) { \
- dst->ce = apc_copy_class_entry_for_execution(src->ce, ctxt TSRMLS_CC); \
+ CHECK(dst->ce = apc_copy_class_entry_for_execution(src->ce, ctxt TSRMLS_CC)); \
 }
 /* {{{ apc_copy_trait_alias */
@@ -2483,6 +2493,7 @@
 zend_trait_alias* apc_copy_trait_alias_for_execution(zend_trait_alias *src, apc_context_t *ctxt TSRMLS_DC)
 {
 zend_trait_alias *dst = (zend_trait_alias *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_alias));
+ CHECK(dst);
 memcpy(dst, src, sizeof(zend_trait_alias));
@@ -2521,7 +2532,7 @@
 while (src->exclude_from_classes[i] && i < num_classes) {
 char *name = (char *) src->exclude_from_classes[i];
- dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC);
+ CHECK(dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC));
 i++;
 }
 dst->exclude_from_classes[i] = NULL;
@@ -2537,6 +2548,7 @@
 zend_trait_precedence* apc_copy_trait_precedence_for_execution(zend_trait_precedence *src, apc_context_t *ctxt TSRMLS_DC)
 {
 zend_trait_precedence *dst = (zend_trait_precedence *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_precedence));
+ CHECK(dst);
 memcpy(dst, src, sizeof(zend_trait_precedence));
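Review bot: The loop edited by the @@ -2521 hunk is guarded by `while (src->exclude_from_classes[i] && i < num_classes)`, which reads element `i` before testing it against the bound. If the source array has no terminating NULL slot at index num_classes (its allocation is outside the diff), the final test reads one element past the end; testing the bound first costs nothing: `while (i < num_classes && src->exclude_from_classes[i]) {`. The identical loop in the @@ -2551 hunk needs the same change. Both loops sit in functions whose start and end are outside the hunks.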
@@ -2551,7 +2563,7 @@
 while (src->exclude_from_classes[i] && i < num_classes) {
 char *name = (char *) src->exclude_from_classes[i];
- dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC);
+ CHECK(dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC));
 i++;
 }
 dst->exclude_from_classes[i] = NULL;
diff -Naur APC-3.1.14.orig//apc_main.c APC-3.1.14//apc_main.c
--- APC-3.1.14.orig//apc_main.c 2013-01-03 02:11:59.000000000 +0000
+++ APC-3.1.14//apc_main.c 2013-01-24 14:14:45.000000000 +0000
@@ -73,6 +73,8 @@
 {
 int status;
 zend_function *func = apc_copy_function_for_execution(fn.function, ctxt TSRMLS_CC);
+ if (func == NULL)
+ return FAILURE;
 status = zend_hash_add(EG(function_table), fn.name, fn.name_len+1, func, sizeof(zend_function), NULL);
 efree(func);
@@ -97,6 +99,8 @@
 if(zend_hash_quick_find(APCG(lazy_function_table), name, len, hash, (void**)&fn) == SUCCESS) {
 *fe = apc_copy_function_for_execution(fn->function, &ctxt TSRMLS_CC);
+ if (fe == NULL)
+ return FAILURE;
 status = zend_hash_add(EG(function_table), fn->name, fn->name_len+1,
@@ -145,6 +149,8 @@
 class_entry = apc_copy_class_entry_for_execution(cl.class_entry, ctxt TSRMLS_CC);
+ if (class_entry == NULL)
+ return FAILURE;
 /* restore parent class pointer for compile-time inheritance */
|
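Review bot: The guard added in the @@ -97 hunk of apc_main.c tests the wrong object: the copy is stored through `*fe = apc_copy_function_for_execution(...)`, but the new check is `if (fe == NULL)`, which tests the out-parameter pointer that was already dereferenced on the line above. A failed copy therefore goes undetected and execution continues into zend_hash_add(), whose argument list is cut off here but presumably receives `*fe`. The check should read `if (*fe == NULL) return FAILURE;`. The enclosing function begins and ends outside the hunk.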