Fix GH-19200: replace unchecked realloc/malloc with perealloc/pemalloc#21625
Fix GH-19200: replace unchecked realloc/malloc with perealloc/pemalloc#21625iliaal wants to merge 1 commit intophp:masterfrom
Conversation
github-actions
Bot
added
Category: Engine
Extension: opcache
SAPI: phpdbg
ABI break
labels
iliaal
force-pushed
the
fix/gh-19200-unchecked-realloc-malloc
branch
3 times, most recently
from
bfc2ba0 to
cde419a
Compare
iluuu1994
left a comment
iluuu1994
left a comment
There was a problem hiding this comment.
Looks correct, but please target master. I'm guessing other people would also appreciate the use of true over 1 (there has been some automated migration).
iliaal
force-pushed
the
fix/gh-19200-unchecked-realloc-malloc
branch
from
cde419a to
b934a5d
Compare
…lloc Raw realloc() returns NULL on allocation failure, losing the original pointer and causing a crash on the next dereference. pemalloc/perealloc with persistent=true wrap the system allocator but call zend_out_of_memory() on failure, giving a clean exit instead of an undefined crash. Converts all V701 locations from the PVS-Studio report and unchecked malloc calls in zend_register_functions() (phpGH-17013). Skips zend_alloc.c (already handled) and IR JIT code (third-party). The zend_inheritance.c changes also simplify the realloc/erealloc branch into a single perealloc() call, matching the existing pattern at zend_implement_stringable(). Fixes phpGH-19200 Closes phpGH-17013
iliaal
force-pushed
the
fix/gh-19200-unchecked-realloc-malloc
branch
from
b934a5d to
e7a61cf
Compare
|
Retargeted to master and switched the persistent literals to |
iluuu1994
left a comment
iluuu1994
left a comment
There was a problem hiding this comment.
Looks good. Please replace the huge AI generated description with something short and sensible. E.g. "Replace some malloc|realloc calls with OOM-safe (pemalloc|perealloc)(persistent: true) counterparts.
I'll draft something short & to the point, need to rebase it all to one commit etc.. just want to see ASAN pass 1st |
3 participants
Summary
Several call sites use raw
realloc()/malloc()without checking for NULL. Whenrealloc()fails, it returns NULL and the original pointer is lost, crashing on the next dereference. Replaced withperealloc()/pemalloc()(persistent=1), which wrap the system allocator and callzend_out_of_memory()on failure for a clean exit.Changes:
Zend/zend.c,zend_append_version_info()reallocZend/zend_API.c,zend_collect_module_handlers()(3 reallocs),zend_register_functions()(2 reallocs + 3 mallocs),do_register_internal_class()(1 malloc)Zend/zend_inheritance.c,ce->interfacesrealloc in 2ZEND_INTERNAL_CLASSbranches, simplified to singleperealloc()matching the pattern atzend_implement_stringable()ext/opcache/zend_accelerator_blacklist.c, blacklist entries reallocmain/network.c,gethostname_re()variants (3 mallocs + 3 reallocs)main/php_ini.c,php_ini_scanned_filesreallocmain/php_ini_builder.h, INI builder reallocsapi/phpdbg/phpdbg.c, extension list realloc/mallocsapi/phpdbg/phpdbg_prompt.c, code buffer realloc/mallocSkipped
zend_alloc.c(already handles this) and IR JIT code (third-party).Fixes GH-19200, closes GH-17013