@@ -144,6 +144,9 @@ static size_t _real_page_size = ZEND_MM_PAGE_SIZE;
144144#ifndef ZEND_MM_ERROR
145145# define ZEND_MM_ERROR 1 /* report system errors */
146146#endif
147+ #ifndef ZEND_MM_HEAP_PROTECTION
148+ # define ZEND_MM_HEAP_PROTECTION 1 /* protect heap against corruptions */
149+ #endif
147150
148151#ifndef ZEND_MM_CHECK
149152# define ZEND_MM_CHECK (condition , message ) do { \
@@ -364,7 +367,7 @@ struct _zend_mm_huge_list {
364367
365368#define _BIN_DATA_SIZE (num , size , elements , pages , x , y ) \
366369 /* Need two words for free slot pointer and shadow */ \
367- MAX(size, sizeof(zend_mm_free_slot*)*2)
370+ (ZEND_MM_HEAP_PROTECTION ? MAX(size, sizeof(zend_mm_free_slot*)*2) : size )
368371#define _BIN_DATA_SIZE_C (num , size , elements , pages , x , y ) \
369372 _BIN_DATA_SIZE(num, size, elements, pages, x, y),
370373static const uint32_t bin_data_size [] = {
@@ -1302,6 +1305,7 @@ static zend_always_inline int zend_mm_small_size_to_bin(size_t size)
13021305
13031306#define ZEND_MM_SMALL_SIZE_TO_BIN (size ) zend_mm_small_size_to_bin(size)
13041307
1308+ #if ZEND_MM_HEAP_PROTECTION
13051309/* We keep track of free slots by organizing them in a linked list, with the
13061310 * first word of every free slot being a pointer to the next one.
13071311 *
@@ -1353,6 +1357,13 @@ static zend_always_inline zend_mm_free_slot *zend_mm_get_next_free_slot(zend_mm_
13531357 return (zend_mm_free_slot * )next ;
13541358}
13551359
1360+ #else /* ZEND_MM_HEAP_PROTECTION */
1361+ # define zend_mm_set_next_free_slot (heap , bin_num , slot , next ) do { \
1362+ (slot)->next_free_slot = (next); \
1363+ } while (0)
1364+ # define zend_mm_get_next_free_slot (heap , bin_num , slot ) (slot)->next_free_slot
1365+ #endif /* ZEND_MM_HEAP_PROTECTION */
1366+
13561367static zend_never_inline void * zend_mm_alloc_small_slow (zend_mm_heap * heap , uint32_t bin_num ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC )
13571368{
13581369 zend_mm_chunk * chunk ;
0 commit comments