Do not change zend_alloc_sizes

arnaud-lb · arnaud-lb · commit 5c29ad5367c9 · 2024-05-14T15:51:18.000+02:00
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
@@ -367,29 +367,19 @@ struct _zend_mm_huge_list {
 #define ZEND_MM_PAGE_ADDR(chunk, page_num) \
 	((void*)(((zend_mm_page*)(chunk)) + (page_num)))
 
-#define _BIN_DATA_SIZE(num, size, elements, pages, x, y) \
-	/* Need two words for free slot pointer and shadow */ \
-	(ZEND_MM_HEAP_PROTECTION ? MAX(size, sizeof(zend_mm_free_slot*)*2) : size)
-#define _BIN_DATA_SIZE_C(num, size, elements, pages, x, y) \
-	_BIN_DATA_SIZE(num, size, elements, pages, x, y),
+#define _BIN_DATA_SIZE(num, size, elements, pages, x, y) size,
 static const uint32_t bin_data_size[] = {
-	ZEND_MM_BINS_INFO(_BIN_DATA_SIZE_C, x, y)
+	ZEND_MM_BINS_INFO(_BIN_DATA_SIZE, x, y)
 };
 
-#define _BIN_DATA_ELEMENTS(num, size, elements, pages, x, y) \
-	/* Adjusting size requires adjusting elements */ \
-	(elements / (_BIN_DATA_SIZE(num, size, elements, pages, x, y) / size))
-#define _BIN_DATA_ELEMENTS_C(num, size, elements, pages, x, y) \
-	_BIN_DATA_ELEMENTS(num, size, elements, pages, x, y),
+#define _BIN_DATA_ELEMENTS(num, size, elements, pages, x, y) elements,
 static const uint32_t bin_elements[] = {
-	ZEND_MM_BINS_INFO(_BIN_DATA_ELEMENTS_C, x, y)
+	ZEND_MM_BINS_INFO(_BIN_DATA_ELEMENTS, x, y)
 };
 
-#define _BIN_DATA_PAGES(num, size, elements, pages, x, y) pages
-#define _BIN_DATA_PAGES_C(num, size, elements, pages, x, y) \
-	_BIN_DATA_PAGES(num, size, elements, pages, x, y),
+#define _BIN_DATA_PAGES(num, size, elements, pages, x, y) pages,
 static const uint32_t bin_pages[] = {
-	ZEND_MM_BINS_INFO(_BIN_DATA_PAGES_C, x, y)
+	ZEND_MM_BINS_INFO(_BIN_DATA_PAGES, x, y)
 };
 
 #if ZEND_DEBUG
@@ -1343,6 +1333,8 @@ static zend_always_inline zend_mm_free_slot* zend_mm_decode_free_slot(zend_mm_he
 
 static zend_always_inline void zend_mm_set_next_free_slot(zend_mm_heap *heap, uint32_t bin_num, zend_mm_free_slot *slot, zend_mm_free_slot *next)
 {
+	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_SMALL_SIZE);
+
 	slot->next_free_slot = next;
 	ZEND_MM_FREE_SLOT_PTR_SHADOW(slot, bin_num) = zend_mm_encode_free_slot(heap, next);
 }
@@ -1424,6 +1416,8 @@ static zend_never_inline void *zend_mm_alloc_small_slow(zend_mm_heap *heap, uint
 
 static zend_always_inline void *zend_mm_alloc_small(zend_mm_heap *heap, int bin_num ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
+	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_SMALL_SIZE);
+
 #if ZEND_MM_STAT
 	do {
 		size_t size = heap->size + bin_data_size[bin_num];
@@ -1444,6 +1438,8 @@ static zend_always_inline void *zend_mm_alloc_small(zend_mm_heap *heap, int bin_
 
 static zend_always_inline void zend_mm_free_small(zend_mm_heap *heap, void *ptr, int bin_num)
 {
+	ZEND_ASSERT(bin_data_size[bin_num] >= ZEND_MM_MIN_SMALL_SIZE);
+
 	zend_mm_free_slot *p;
 
 #if ZEND_MM_STAT
@@ -1493,6 +1489,11 @@ static zend_always_inline zend_mm_debug_info *zend_mm_get_debug_info(zend_mm_hea
 static zend_always_inline void *zend_mm_alloc_heap(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
 	void *ptr;
+#if ZEND_MM_HEAP_PROTECTION
+	if (size < ZEND_MM_MIN_SMALL_SIZE) {
+		size = ZEND_MM_MIN_SMALL_SIZE;
+	}
+#endif /* ZEND_MM_HEAP_PROTECTION */
 #if ZEND_DEBUG
 	size_t real_size = size;
 	zend_mm_debug_info *dbg;
@@ -1714,6 +1715,11 @@ static zend_always_inline void *zend_mm_realloc_heap(zend_mm_heap *heap, void *p
 		zend_mm_chunk *chunk = (zend_mm_chunk*)ZEND_MM_ALIGNED_BASE(ptr, ZEND_MM_CHUNK_SIZE);
 		int page_num = (int)(page_offset / ZEND_MM_PAGE_SIZE);
 		zend_mm_page_info info = chunk->map[page_num];
+#if ZEND_MM_HEAP_PROTECTION
+		if (size < ZEND_MM_MIN_SMALL_SIZE) {
+			size = ZEND_MM_MIN_SMALL_SIZE;
+		}
+#endif /* ZEND_MM_HEAP_PROTECTION */
 #if ZEND_DEBUG
 		size_t real_size = size;
 
@@ -2677,6 +2683,7 @@ ZEND_API bool is_zend_ptr(const void *ptr)
 
 # define _ZEND_BIN_ALLOCATOR(_num, _size, _elements, _pages, x, y) \
 	ZEND_API void* ZEND_FASTCALL _emalloc_ ## _size(void) { \
+		ZEND_ASSERT(_size >= ZEND_MM_MIN_SMALL_SIZE); \
 		ZEND_MM_CUSTOM_ALLOCATOR(_size); \
 		return zend_mm_alloc_small(AG(mm_heap), _num ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); \
 	}
@@ -2698,6 +2705,7 @@ ZEND_API void* ZEND_FASTCALL _emalloc_huge(size_t size)
 #if ZEND_DEBUG
 # define _ZEND_BIN_FREE(_num, _size, _elements, _pages, x, y) \
 	ZEND_API void ZEND_FASTCALL _efree_ ## _size(void *ptr) { \
+		ZEND_ASSERT(_size >= ZEND_MM_MIN_SMALL_SIZE); \
 		ZEND_MM_CUSTOM_DEALLOCATOR(ptr); \
 		{ \
 			size_t page_offset = ZEND_MM_ALIGNED_OFFSET(ptr, ZEND_MM_CHUNK_SIZE); \
@@ -2712,6 +2720,7 @@ ZEND_API void* ZEND_FASTCALL _emalloc_huge(size_t size)
 #else
 # define _ZEND_BIN_FREE(_num, _size, _elements, _pages, x, y) \
 	ZEND_API void ZEND_FASTCALL _efree_ ## _size(void *ptr) { \
+		ZEND_ASSERT(_size >= ZEND_MM_MIN_SMALL_SIZE); \
 		ZEND_MM_CUSTOM_DEALLOCATOR(ptr); \
 		{ \
 			zend_mm_chunk *chunk = (zend_mm_chunk*)ZEND_MM_ALIGNED_BASE(ptr, ZEND_MM_CHUNK_SIZE); \
diff --git a/Zend/zend_alloc.h b/Zend/zend_alloc.h
@@ -90,7 +90,7 @@ ZEND_API ZEND_ATTRIBUTE_MALLOC void* ZEND_FASTCALL _emalloc_large(size_t size) Z
 ZEND_API ZEND_ATTRIBUTE_MALLOC void* ZEND_FASTCALL _emalloc_huge(size_t size) ZEND_ATTRIBUTE_ALLOC_SIZE(1);
 
 # define _ZEND_BIN_ALLOCATOR_SELECTOR_START(_num, _size, _elements, _pages, size, y) \
-	((size <= _size) ? _emalloc_ ## _size() :
+	((size <= _size && _size >= ZEND_MM_MIN_SMALL_SIZE) ? _emalloc_ ## _size() :
 # define _ZEND_BIN_ALLOCATOR_SELECTOR_END(_num, _size, _elements, _pages, size, y) \
 	)
 
@@ -115,7 +115,7 @@ ZEND_API void ZEND_FASTCALL _efree_large(void *, size_t size);
 ZEND_API void ZEND_FASTCALL _efree_huge(void *, size_t size);
 
 # define _ZEND_BIN_DEALLOCATOR_SELECTOR_START(_num, _size, _elements, _pages, ptr, size) \
-	if (size <= _size) { _efree_ ## _size(ptr); } else
+	if (size <= _size && _size >= ZEND_MM_MIN_SMALL_SIZE) { _efree_ ## _size(ptr); } else
 
 # define ZEND_DEALLOCATOR(ptr, size) \
 	ZEND_MM_BINS_INFO(_ZEND_BIN_DEALLOCATOR_SELECTOR_START, ptr, size) \
diff --git a/Zend/zend_alloc_sizes.h b/Zend/zend_alloc_sizes.h
@@ -19,12 +19,20 @@
 #ifndef ZEND_ALLOC_SIZES_H
 #define ZEND_ALLOC_SIZES_H
 
+#ifndef ZEND_MM_HEAP_PROTECTION
+# define ZEND_MM_HEAP_PROTECTION 1 /* protect heap against corruptions       */
+#endif
+
 #define ZEND_MM_CHUNK_SIZE ((size_t) (2 * 1024 * 1024))    /* 2 MB  */
 #define ZEND_MM_PAGE_SIZE  (4 * 1024)                      /* 4 KB  */
 #define ZEND_MM_PAGES      (ZEND_MM_CHUNK_SIZE / ZEND_MM_PAGE_SIZE)  /* 512 */
 #define ZEND_MM_FIRST_PAGE (1)
 
-#define ZEND_MM_MIN_SMALL_SIZE		8
+#if ZEND_MM_HEAP_PROTECTION
+# define ZEND_MM_MIN_SMALL_SIZE     (sizeof(void*) * 2)
+#else
+# define ZEND_MM_MIN_SMALL_SIZE     8
+#endif
 #define ZEND_MM_MAX_SMALL_SIZE      3072
 #define ZEND_MM_MAX_LARGE_SIZE      (ZEND_MM_CHUNK_SIZE - (ZEND_MM_PAGE_SIZE * ZEND_MM_FIRST_PAGE))
 
