Skip to content

Fix #78620: Out of memory error #4766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Fix #78620: Out of memory error #4766

wants to merge 3 commits into from

Conversation

cmb69
Copy link
Member

@cmb69 cmb69 commented Oct 2, 2019

If the integer addition in ZEND_MM_ALIGNED_SIZE_EX overflows, the
macro evaluates to 0, what we should catch early.

There are many more uses of ZEND__MM_ALIGNED_SIZE_EX; not sure if overflow can happen there as well.

@cmb69
Fix #78620: Out of memory error
83fff8e 
If the integer addition in `ZEND_MM_ALIGNED_SIZE_EX` overflows, the
macro evaluates to `0`, what we should catch early.
nikic
nikic reviewed Oct 2, 2019
View reviewed changes
@cmb69
Use goto instead of multiple checks
68914e2 
We also add a comment.
nikic
nikic approved these changes Oct 2, 2019
View reviewed changes
@cmb69
Copy link
Member Author

cmb69 commented Oct 2, 2019

Thanks! Applied as 8ce04df.

@cmb69 cmb69 closed this Oct 2, 2019
@cmb69 cmb69 deleted the fix-78620 branch October 2, 2019 16:24
nikic
nikic reviewed Oct 2, 2019
View reviewed changes
Zend/zend_alloc.c
if (UNEXPECTED(new_size == 0)) {
/* overflow in ZEND_MM_ALIGNED_SIZE_EX */
goto memory_limit_exhausted;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On second thought, this fix doesn't look quite right ... especially the fact that this is in the #if ZEND_MM_LIMIT branch, while this check is necessary even without memory limit. I think it would be better to move this check outside of #if ZEND_MM_LIMIT and generate a "Possible integer overflow in memory allocation (%zu + %zu)" style error for that case.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, reverted for now (f2fb37a). Will come up with a better solution ASAP.

php-pulls pushed a commit that referenced this pull request Oct 2, 2019
@cmb69
Revert "Fix #78620: Out of memory error"
f2fb37a 
This reverts commit 8ce04df.

Cf. <#4766 (comment)>.
@cmb69 cmb69 mentioned this pull request Oct 3, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikic nikic nikic approved these changes

@dstogov dstogov dstogov left review comments

Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cmb69 @nikic @dstogov @krakjoe @kocsismate