Patch APC-3.1.14-check-memory-allocations.patch revision 2013-02-06 02:33 UTC by iliya at polihronov dot com
revision 2013-01-24 14:25 UTC by iliya at polihronov dot com

Patch APC-3.1.14-check-memory-allocations.patch for APC Bug #64064

Patch version 2013-02-06 02:33 UTC


Developer: iliya@polihronov.com

diff -Naur APC-3.1.14.orig//apc_compile.c APC-3.1.14//apc_compile.c
--- APC-3.1.14.orig//apc_compile.c	2013-01-03 02:11:59.000000000 +0000
+++ APC-3.1.14//apc_compile.c	2013-02-06 02:28:57.000000000 +0000
@@ -1207,8 +1207,9 @@
     if (src->literals) {
         zend_literal *p, *q, *end;
 
+        CHECK(dst->literals = (zend_literal*) apc_pool_alloc(pool, (sizeof(zend_literal) * src->last_literal)));
+        p = dst->literals;
         q = src->literals;
-        p = dst->literals = (zend_literal*) apc_pool_alloc(pool, (sizeof(zend_literal) * src->last_literal));
         end = p + src->last_literal;
         while (p < end) {
             *p = *q;
@@ -1361,40 +1362,44 @@
         /* This code breaks apc's rule#1 - cache what you compile */
         if((APCG(fpstat)==0) && APCG(canonicalize)) {
             /* not pool allocated, because the pool allocations eat up shm space */
-            fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC);
 #ifdef ZEND_ENGINE_2_4
             if((zo->opcode == ZEND_INCLUDE_OR_EVAL) && 
                 (zo->op1_type == IS_CONST && Z_TYPE_P(zo->op1.zv) == IS_STRING)) {
                 /* constant includes */
                 if(!IS_ABSOLUTE_PATH(Z_STRVAL_P(zo->op1.zv),Z_STRLEN_P(zo->op1.zv))) { 
+                    fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC);
                     if (apc_search_paths(Z_STRVAL_P(zo->op1.zv), PG(include_path), fileinfo TSRMLS_CC) == 0) {
 #else
             if((zo->opcode == ZEND_INCLUDE_OR_EVAL) && 
                 (zo->op1.op_type == IS_CONST && zo->op1.u.constant.type == IS_STRING)) {
                 /* constant includes */
                 if(!IS_ABSOLUTE_PATH(Z_STRVAL_P(&zo->op1.u.constant),Z_STRLEN_P(&zo->op1.u.constant))) { 
+                    fileinfo = (apc_fileinfo_t*) apc_php_malloc(sizeof(apc_fileinfo_t) TSRMLS_CC);
                     if (apc_search_paths(Z_STRVAL_P(&zo->op1.u.constant), PG(include_path), fileinfo TSRMLS_CC) == 0) {
 #endif
-                        if((fullpath = realpath(fileinfo->fullpath, canon_path))) {
+                        fullpath = realpath(fileinfo->fullpath, canon_path);
+                        apc_php_free(fileinfo TSRMLS_CC);
+                        if(fullpath) {
                             /* everything has to go through a realpath() */
                             zend_op *dzo = &(dst->opcodes[i]);
 #ifdef ZEND_ENGINE_2_4
-                            dzo->op1.literal = (zend_literal*) apc_pool_alloc(pool, sizeof(zend_literal));
+                            CHECK(dzo->op1.literal = (zend_literal*) apc_pool_alloc(pool, sizeof(zend_literal)));
                             Z_STRLEN_P(dzo->op1.zv) = strlen(fullpath);
-                            Z_STRVAL_P(dzo->op1.zv) = apc_pstrdup(fullpath, pool TSRMLS_CC);
+                            CHECK(Z_STRVAL_P(dzo->op1.zv) = apc_pstrdup(fullpath, pool TSRMLS_CC));
                             Z_TYPE_P(dzo->op1.zv) = IS_STRING;
                             Z_SET_REFCOUNT_P(dzo->op1.zv, 2);
                             Z_SET_ISREF_P(dzo->op1.zv);
                             dzo->op1.literal->hash_value = zend_hash_func(Z_STRVAL_P(dzo->op1.zv), Z_STRLEN_P(dzo->op1.zv)+1);
 #else
                             dzo->op1.u.constant.value.str.len = strlen(fullpath);
-                            dzo->op1.u.constant.value.str.val = apc_pstrdup(fullpath, pool TSRMLS_CC);
+                            CHECK(dzo->op1.u.constant.value.str.val = apc_pstrdup(fullpath, pool TSRMLS_CC));
 #endif
                         }
+                    } else {
+                        apc_php_free(fileinfo TSRMLS_CC);
                     }
                 }
             }
-            apc_php_free(fileinfo TSRMLS_CC);
         }
     }
 
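Review bot: Both relocated `apc_php_malloc` calls pass `fileinfo` straight to `apc_search_paths` without a NULL check, which stands out in a patch whose purpose is checking allocations. Whether `apc_php_malloc` can return NULL is not visible in this hunk; if it can, add `if (fileinfo == NULL) return NULL;` after each call, assuming NULL is this function's failure value as the `CHECK` usage suggests. Freeing `fileinfo` before using `fullpath` is safe only because `realpath` is given `canon_path` as its output buffer; a one-line comment saying so, such as `/* fullpath points into canon_path, not fileinfo */`, would protect that ordering from later edits. The enclosing function starts and ends outside the hunk.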
@@ -1853,9 +1858,9 @@
     memcpy(dst, src, sizeof(src[0]));
     dst->static_variables = my_copy_static_variables(src, ctxt TSRMLS_CC);
 
-    dst->refcount = apc_pmemcpy(src->refcount,
+    CHECK(dst->refcount = apc_pmemcpy(src->refcount,
                                       sizeof(src->refcount[0]),
-                                      ctxt->pool TSRMLS_CC);
+                                      ctxt->pool TSRMLS_CC));
 
     my_prepare_op_array_for_execution(dst,src, ctxt TSRMLS_CC);
 
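Review bot: If the new `CHECK` around `apc_pmemcpy` fails, the function presumably returns NULL (the caller's `== NULL` test in the next hunk suggests so) after `dst->static_variables` has already been filled by `my_copy_static_variables` on the line above. If that copy is not pool-allocated it is leaked on this early-return path, along with anything else this function allocated for `dst` before this point; neither allocation site is visible here. Consider performing the `refcount` copy before `my_copy_static_variables`, or releasing the earlier copy before returning. The function body starts and ends outside the hunk.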
@@ -1879,7 +1884,10 @@
 
     dst = (zend_function*) emalloc(sizeof(src[0]));
     memcpy(dst, src, sizeof(src[0]));
-    apc_copy_op_array_for_execution(&(dst->op_array), &(src->op_array), ctxt TSRMLS_CC);
+    if (apc_copy_op_array_for_execution(&(dst->op_array), &(src->op_array), ctxt TSRMLS_CC) == NULL) {
+        efree(dst);
+        return NULL;
+    }
     return dst;
 }
 /* }}} */
@@ -1913,6 +1921,7 @@
     int i;
 #endif
     zend_class_entry* dst = (zend_class_entry*) apc_pool_alloc(ctxt->pool, sizeof(src[0]));
+    CHECK(dst);
     memcpy(dst, src, sizeof(src[0]));
 
     if(src->num_interfaces)
@@ -1931,7 +1940,7 @@
     /* Deep-copy the class properties, because they will be modified */
 
 #ifdef ZEND_ENGINE_2_4
-    dst->name = apc_string_pmemcpy((char*)src->name, src->name_length+1, ctxt->pool TSRMLS_CC); 
+    CHECK(dst->name = apc_string_pmemcpy((char*)src->name, src->name_length+1, ctxt->pool TSRMLS_CC)); 
 	dst->default_properties_count = src->default_properties_count;
     if (src->default_properties_count) {
         dst->default_properties_table = (zval**) apc_php_malloc((sizeof(zval*) * src->default_properties_count) TSRMLS_CC);
@@ -2443,7 +2452,8 @@
     }
 
 #define APC_COPY_TRAIT_METHOD_FOR_EXEC(dst, src) \
-    dst = (zend_trait_method_reference *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_method_reference)); \
+    CHECK(dst = \
+        (zend_trait_method_reference *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_method_reference))); \
     memcpy(dst, src, sizeof(zend_trait_method_reference)); \
     if (src->method_name) { \
         CHECK((dst->method_name = apc_pstrdup(src->method_name, ctxt->pool TSRMLS_CC))); \
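Review bot: `APC_COPY_TRAIT_METHOD_FOR_EXEC` now opens with a `CHECK`, so every expansion can leave the calling function at its very first statement, and nothing at the definition says so. Add a comment above the `#define`, for example `/* Expands to CHECK(): may return from the calling function on allocation failure. */`. The new `CHECK(dst = ...)` line, and `CHECK(dst->ce = ...)` in the next hunk, use single parentheses while the neighbouring `CHECK((dst->method_name = ...))` lines use double; pick one form for consistency. The macro body continues in the next hunk.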
@@ -2453,7 +2463,7 @@
         CHECK((dst->class_name = apc_pstrdup(src->class_name, ctxt->pool TSRMLS_CC))); \
     } \
     if (src->ce) { \
-        dst->ce = apc_copy_class_entry_for_execution(src->ce, ctxt TSRMLS_CC); \
+        CHECK(dst->ce = apc_copy_class_entry_for_execution(src->ce, ctxt TSRMLS_CC)); \
     }
 
 /* {{{ apc_copy_trait_alias */
@@ -2483,6 +2493,7 @@
 zend_trait_alias* apc_copy_trait_alias_for_execution(zend_trait_alias *src, apc_context_t *ctxt TSRMLS_DC)
 {
     zend_trait_alias *dst = (zend_trait_alias *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_alias));
+    CHECK(dst);
 
     memcpy(dst, src, sizeof(zend_trait_alias));
 
@@ -2521,7 +2532,7 @@
         while (src->exclude_from_classes[i] && i < num_classes) {
             char *name = (char *) src->exclude_from_classes[i];
 
-            dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC);
+            CHECK(dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC));
             i++;
         }
         dst->exclude_from_classes[i] = NULL;
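Review bot: The loop condition `src->exclude_from_classes[i] && i < num_classes` around the new `CHECK` reads the array element before testing the bound, so index `num_classes` is read unless the source array is guaranteed to be NULL-terminated at that position (not visible here). Swap the operands so the bound is tested first: `while (i < num_classes && src->exclude_from_classes[i]) {`. The same loop shape appears in the later hunk at -2551. The loop header is a context line and the enclosing function starts outside this hunk.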
@@ -2537,6 +2548,7 @@
 zend_trait_precedence* apc_copy_trait_precedence_for_execution(zend_trait_precedence *src, apc_context_t *ctxt TSRMLS_DC)
 {
     zend_trait_precedence *dst = (zend_trait_precedence *) apc_pool_alloc(ctxt->pool, sizeof(zend_trait_precedence));
+    CHECK(dst);
 
     memcpy(dst, src, sizeof(zend_trait_precedence));
 
@@ -2551,7 +2563,7 @@
         while (src->exclude_from_classes[i] && i < num_classes) {
             char *name = (char *) src->exclude_from_classes[i];
 
-            dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC);
+            CHECK(dst->exclude_from_classes[i] = (zend_class_entry *) apc_pstrdup(name, ctxt->pool TSRMLS_CC));
             i++;
         }
         dst->exclude_from_classes[i] = NULL;
diff -Naur APC-3.1.14.orig//apc_main.c APC-3.1.14//apc_main.c
--- APC-3.1.14.orig//apc_main.c	2013-01-03 02:11:59.000000000 +0000
+++ APC-3.1.14//apc_main.c	2013-02-06 02:19:25.000000000 +0000
@@ -72,7 +72,9 @@
 static int install_function(apc_function_t fn, apc_context_t* ctxt, int lazy TSRMLS_DC)
 {
     int status;
-	zend_function *func = apc_copy_function_for_execution(fn.function, ctxt TSRMLS_CC);
+    zend_function *func = apc_copy_function_for_execution(fn.function, ctxt TSRMLS_CC);
+    if (func == NULL)
+		return FAILURE;
 
     status = zend_hash_add(EG(function_table), fn.name, fn.name_len+1, func, sizeof(zend_function), NULL);
     efree(func);
@@ -97,6 +99,8 @@
 
     if(zend_hash_quick_find(APCG(lazy_function_table), name, len, hash, (void**)&fn) == SUCCESS) {
         *fe = apc_copy_function_for_execution(fn->function, &ctxt TSRMLS_CC);
+        if (fe == NULL)
+            return FAILURE;
         status = zend_hash_add(EG(function_table),
                                   fn->name,
                                   fn->name_len+1,
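Review bot: The added test `if (fe == NULL)` checks the out-parameter itself rather than the value just stored through it, so a NULL result from `apc_copy_function_for_execution` is not caught and execution continues into the `zend_hash_add` call that follows. It should read `if (*fe == NULL)`. The enclosing function starts and ends outside the hunk.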
@@ -145,6 +149,8 @@
 
     class_entry =
         apc_copy_class_entry_for_execution(cl.class_entry, ctxt TSRMLS_CC);
+    if (class_entry == NULL)
+        return FAILURE;
 
 
     /* restore parent class pointer for compile-time inheritance */
 