diff options
| -rw-r--r-- | php-bug76846.patch | 86 | ||||
| -rw-r--r-- | php56.spec | 17 |
2 files changed, 100 insertions, 3 deletions
diff --git a/php-bug76846.patch b/php-bug76846.patch new file mode 100644 index 0000000..c3d2962 --- /dev/null +++ b/php-bug76846.patch @@ -0,0 +1,86 @@ +Backported from 7.1 for 5.6 by Remi + + + +From 45cdcb2d0be89fe7bc404dd150240ec83f5de401 Mon Sep 17 00:00:00 2001 +From: Nikita Popov <nikita.ppv@gmail.com> +Date: Fri, 28 Sep 2018 12:56:47 +0200 +Subject: [PATCH] Fixed bug #76846 + +--- + NEWS | 2 ++ + Zend/tests/bug76846.phpt | 27 +++++++++++++++++++++++++++ + Zend/zend_objects_API.c | 6 ++++-- + 3 files changed, 33 insertions(+), 2 deletions(-) + create mode 100644 Zend/tests/bug76846.phpt + +diff --git a/Zend/tests/bug76846.phpt b/Zend/tests/bug76846.phpt +new file mode 100644 +index 000000000000..c167a8bb789f +--- /dev/null ++++ b/Zend/tests/bug76846.phpt +@@ -0,0 +1,27 @@ ++--TEST-- ++Bug #76846: Segfault in shutdown function after memory limit error ++--INI-- ++memory_limit=33M ++--SKIPIF-- ++<?php ++$zend_mm_enabled = getenv("USE_ZEND_ALLOC"); ++if ($zend_mm_enabled === "0") { ++ die("skip Zend MM disabled"); ++} ++?> ++--FILE-- ++<?php ++ ++register_shutdown_function(function() { ++ new stdClass; ++}); ++ ++$ary = []; ++while (true) { ++ $ary[] = new stdClass; ++} ++ ++?> ++--EXPECTF-- ++Fatal error: Allowed memory size of %d bytes exhausted at %s:%d (tried to allocate %d bytes) in %s on line %d ++%A +diff --git a/Zend/zend_objects_API.c b/Zend/zend_objects_API.c +index 54d8d51456d8..cbb637c54907 100644 +--- a/Zend/zend_objects_API.c ++++ b/Zend/zend_objects_API.c +@@ -114,8 +114,10 @@ ZEND_API zend_object_handle zend_objects + EG(objects_store).free_list_head = EG(objects_store).object_buckets[handle].bucket.free_list.next; + } else { + if (EG(objects_store).top == EG(objects_store).size) { +- EG(objects_store).size <<= 1; +- EG(objects_store).object_buckets = (zend_object_store_bucket *) erealloc(EG(objects_store).object_buckets, EG(objects_store).size * sizeof(zend_object_store_bucket)); ++ zend_uint new_size = 2 * EG(objects_store).size; ++ EG(objects_store).object_buckets = (zend_object_store_bucket *) erealloc(EG(objects_store).object_buckets, new_size * sizeof(zend_object_store_bucket)); ++ /* Assign size after realloc, in case it fails */ ++ EG(objects_store).size = new_size; + } + handle = EG(objects_store).top++; + } +From fa84b8ebb4ab14ca841d7e479865548dadc5eb88 Mon Sep 17 00:00:00 2001 +From: Nikita Popov <nikita.ppv@gmail.com> +Date: Fri, 28 Sep 2018 13:39:43 +0200 +Subject: [PATCH] Fix test for release builds + +--- + Zend/tests/bug76846.phpt | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/Zend/tests/bug76846.phpt b/Zend/tests/bug76846.phpt +index c167a8bb789f..fbef2010338c 100644 +--- a/Zend/tests/bug76846.phpt ++++ b/Zend/tests/bug76846.phpt +@@ -23,5 +23,4 @@ while (true) { + + ?> + --EXPECTF-- +-Fatal error: Allowed memory size of %d bytes exhausted at %s:%d (tried to allocate %d bytes) in %s on line %d +-%A ++Fatal error: Allowed memory size of %d bytes exhausted%s(tried to allocate %d bytes) in %s on line %d%A @@ -142,7 +142,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.6.40 -Release: 5%{?dist} +Release: 6%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -201,6 +201,7 @@ Patch91: php-5.6.3-oci8conf.patch # Upstream fixes (100+) Patch100: php-5.6.31-oci.patch +Patch103: php-bug76846.patch # Security fixes (200+) # See https://github.com/Microsoft/php-src/commits/PHP-5.6-security-backports @@ -955,7 +956,7 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi %patch40 -p1 -b .dlopen %patch41 -p1 -b .dtrace -%if 0%{?fedora} >= 24 || 0%{?rhel} >= 5 +%if 0%{?fedora} >= 28 || 0%{?rhel} >= 5 %patch42 -p1 -b .systzdata %endif %patch43 -p1 -b .headers @@ -969,6 +970,7 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi # upstream patches %patch100 -p1 -b .pdo_oci +%patch103 -p1 -b .bug76846 # security patches %patch208 -p1 -b .bug77396 @@ -1019,6 +1021,12 @@ mkdir build-cgi build-apache build-embedded \ rm ext/date/tests/timezone_location_get.phpt rm ext/date/tests/timezone_version_get.phpt rm ext/date/tests/timezone_version_get_basic1.phpt +rm ext/date/tests/bug33414-1.phpt +rm ext/date/tests/bug33414-2.phpt +rm ext/date/tests/bug33415-2.phpt +rm ext/date/tests/date_modify-1.phpt +rm ext/date/tests/bug51819.phpt +rm ext/date/tests/date_sunset_variation9.phpt # Should be skipped but fails sometime rm ext/standard/tests/file/file_get_contents_error001.phpt # fails sometime @@ -1182,7 +1190,7 @@ ln -sf ../configure --with-layout=GNU \ --with-kerberos \ --with-libxml-dir=%{_prefix} \ -%if 0%{?fedora} >= 24 || 0%{?rhel} >= 5 +%if 0%{?fedora} >= 28 || 0%{?rhel} >= 5 --with-system-tzdata \ %endif --with-mhash \ @@ -2008,6 +2016,9 @@ EOF %changelog +* Fri Mar 15 2019 Remi Collet <remi@remirepo.net> - 5.6.40-6 +- Fix #76846 Segfault in shutdown function after memory limit error + * Tue Mar 12 2019 Remi Collet <remi@remirepo.net> - 5.6.40-5 - phar: Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename |