Commit af330b3

committed

Use a single knob

1 parent 01735b1 commit af330b3Copy full SHA for af330b3

File tree

1 file changed

+21

-22

lines changed

Zend
- zend_alloc.c

1 file changed

+21

-22

lines changed

`‎Zend/zend_alloc.c‎`

Lines changed: 21 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -146,12 +146,11 @@ static size_t _real_page_size = ZEND_MM_PAGE_SIZE;`
`146`	`146`	`# define ZEND_MM_ERROR 1 /* report system errors */`
`147`	`147`	`#endif`
`148`	`148`	`#ifndef ZEND_MM_HEAP_PROTECTION`
`149`		`-# define ZEND_MM_HEAP_PROTECTION 1 /* protect heap against corruptions */`
`150`		`-#endif`
`151`		`-#ifndef ZEND_MM_HEAP_SPRAYING_PROTECTION`
`152`		`-# define ZEND_MM_HEAP_SPRAYING_PROTECTION 1 /* protect against remote heap`
`153`		`- spraying or heap feng chui via`
`154`		`- environment / user input */`
	`149`	`+/* Protect heap against:`
	`150`	`+ * - Freelist pointer corruption`
	`151`	`+ * - Heap spraying and heap feng shui via environment / user input`
	`152`	`+ */`
	`153`	`+# define ZEND_MM_HEAP_PROTECTION 1`
`155`	`154`	`#endif`
`156`	`155`
`157`	`156`	`#if ZEND_MM_HEAP_PROTECTION`
`@@ -226,7 +225,7 @@ typedef zend_mm_bitset zend_mm_page_map[ZEND_MM_PAGE_MAP_LEN]; /* 64B */`
`226`	`225`	`#define ZEND_MM_FREE_SLOT_LEN (ZEND_MM_ZONE_LEN * ZEND_MM_ZONES)`
`227`	`226`	`#define ZEND_MM_ZONE_DEFAULT 0`
`228`	`227`
`229`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`228`	`+#if ZEND_MM_HEAP_PROTECTION`
`230`	`229`
`231`	`230`	`# define ZEND_MM_ZONES 2`
`232`	`231`
`@@ -247,7 +246,7 @@ typedef zend_mm_bitset zend_mm_page_map[ZEND_MM_PAGE_MAP_LEN]; /* 64B */`
`247`	`246`	`# define ZEND_MM_FREE_SLOT_EX(heap, chunk, bin_num) ((chunk)->zone_free_slot[(bin_num)])`
`248`	`247`	`# define ZEND_MM_CHUNK_ZONE(heap, chunk) ((chunk)->zone)`
`249`	`248`
`250`		`-#else /* ZEND_MM_HEAP_SPRAYING_PROTECTION */`
	`249`	`+#else /* ZEND_MM_HEAP_PROTECTION */`
`251`	`250`
`252`	`251`	`# define ZEND_MM_ZONES 1`
`253`	`252`
`@@ -262,7 +261,7 @@ typedef zend_mm_bitset zend_mm_page_map[ZEND_MM_PAGE_MAP_LEN]; /* 64B */`
`262`	`261`	`# define ZEND_MM_FREE_SLOT_EX(heap, chunk, bin_num) ZEND_MM_FREE_SLOT(heap, bin_num)`
`263`	`262`	`# define ZEND_MM_CHUNK_ZONE(heap, chunk) (&(heap)->zones[0])`
`264`	`263`
`265`		`-#endif /* ZEND_MM_HEAP_SPRAYING_PROTECTION */`
	`264`	`+#endif /* ZEND_MM_HEAP_PROTECTION */`
`266`	`265`
`267`	`266`	`#if UINTPTR_MAX == UINT64_MAX`
`268`	`267`	`# define BSWAPPTR(u) ZEND_BYTES_SWAP64(u)`
`@@ -327,7 +326,7 @@ struct _zend_mm_heap {`
`327`	`326`	`size_t peak; /* peak memory usage */`
`328`	`327`	`#endif`
`329`	`328`	`uintptr_t shadow_key; /* free slot shadow ptr xor key */`
`330`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`329`	`+#if ZEND_MM_HEAP_PROTECTION`
`331`	`330`	`zend_mm_free_slot **zone_free_slot;`
`332`	`331`	`#endif`
`333`	`332`	`zend_mm_free_slot free_slot[ZEND_MM_FREE_SLOT_LEN]; / free lists for small sizes */`
`@@ -369,7 +368,7 @@ struct _zend_mm_heap {`
`369`	`368`
`370`	`369`	`struct _zend_mm_chunk {`
`371`	`370`	`zend_mm_heap *heap;`
`372`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`371`	`+#if ZEND_MM_HEAP_PROTECTION`
`373`	`372`	`zend_mm_free_slot **zone_free_slot;`
`374`	`373`	`#endif`
`375`	`374`	`zend_mm_chunk *next;`
`@@ -379,7 +378,7 @@ struct _zend_mm_chunk {`
`379`	`378`	`uint32_t num;`
`380`	`379`	`char reserve[64 - (sizeof(void) 3 + sizeof(uint32_t) * 3)];`
`381`	`380`	`zend_mm_heap heap_slot; /* used only in main chunk */`
`382`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`381`	`+#if ZEND_MM_HEAP_PROTECTION`
`383`	`382`	`zend_mm_zone *zone;`
`384`	`383`	`#endif`
`385`	`384`	`zend_mm_page_map free_map; /* 512 bits or 64 bytes */`
`@@ -950,7 +949,7 @@ static zend_always_inline void zend_mm_chunk_init(zend_mm_heap *heap, zend_mm_zo`
`950`	`949`	`chunk->prev->next = chunk;`
`951`	`950`	`chunk->next->prev = chunk;`
`952`	`951`	`}`
`953`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`952`	`+#if ZEND_MM_HEAP_PROTECTION`
`954`	`953`	`chunk->zone_free_slot = ZEND_MM_ZONE_FREE_SLOT(heap, (uintptr_t)(zone - &heap->zones[0]));`
`955`	`954`	`chunk->zone = zone;`
`956`	`955`	`#endif`
`@@ -2116,7 +2115,7 @@ static zend_mm_heap *zend_mm_init(void)`
`2116`	`2115`	`}`
`2117`	`2116`	`heap = &chunk->heap_slot;`
`2118`	`2117`	`chunk->heap = heap;`
`2119`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2118`	`+#if ZEND_MM_HEAP_PROTECTION`
`2120`	`2119`	`chunk->zone_free_slot = ZEND_MM_ZONE_FREE_SLOT(heap, ZEND_MM_ZONE_DEFAULT);`
`2121`	`2120`	`chunk->zone = &heap->zones[0];`
`2122`	`2121`	`#endif`
`@@ -2129,11 +2128,11 @@ static zend_mm_heap *zend_mm_init(void)`
`2129`	`2128`	`chunk->map[0] = ZEND_MM_LRUN(ZEND_MM_FIRST_PAGE);`
`2130`	`2129`	`heap->main_chunk = chunk;`
`2131`	`2130`	`heap->cached_chunks = NULL;`
`2132`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2131`	`+#if ZEND_MM_HEAP_PROTECTION`
`2133`	`2132`	`heap->zone_free_slot = ZEND_MM_ZONE_FREE_SLOT(heap, ZEND_MM_ZONE_DEFAULT);`
`2134`	`2133`	`#endif`
`2135`	`2134`	`heap->zones[0].chunks = chunk;`
`2136`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2135`	`+#if ZEND_MM_HEAP_PROTECTION`
`2137`	`2136`	`heap->zones[1].chunks = NULL;`
`2138`	`2137`	`#endif`
`2139`	`2138`	`heap->chunks_count = 1;`
`@@ -2628,11 +2627,11 @@ ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, bool full, bool silent)`
`2628`	`2627`	`heap->last_chunks_delete_boundary = 0;`
`2629`	`2628`	`heap->last_chunks_delete_count = 0;`
`2630`	`2629`
`2631`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2630`	`+#if ZEND_MM_HEAP_PROTECTION`
`2632`	`2631`	`heap->zone_free_slot = ZEND_MM_ZONE_FREE_SLOT(heap, ZEND_MM_ZONE_DEFAULT);`
`2633`	`2632`	`#endif`
`2634`	`2633`	`heap->zones[0].chunks = p;`
`2635`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2634`	`+#if ZEND_MM_HEAP_PROTECTION`
`2636`	`2635`	`heap->zones[1].chunks = NULL;`
`2637`	`2636`	`ZEND_MM_CHECK(p->zone == &heap->zones[0], "zend_mm_heap corrupted");`
`2638`	`2637`	`ZEND_MM_CHECK(p->zone_free_slot == ZEND_MM_ZONE_FREE_SLOT(heap, ZEND_MM_ZONE_DEFAULT), "zend_mm_heap corrupted");`
`@@ -2711,7 +2710,7 @@ static size_t alloc_globals_offset;`
`2711`	`2710`	`static zend_alloc_globals alloc_globals;`
`2712`	`2711`	`#endif`
`2713`	`2712`
`2714`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2713`	`+#if ZEND_MM_HEAP_PROTECTION`
`2715`	`2714`	`# define ZEND_MM_ZONE_INPUT 1`
`2716`	`2715`	`#endif`
`2717`	`2716`
`@@ -2765,15 +2764,15 @@ ZEND_API bool is_zend_ptr(const void *ptr)`
`2765`	`2764`
`2766`	`2765`	`ZEND_API void zend_mm_input_begin(void)`
`2767`	`2766`	`{`
`2768`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2767`	`+#if ZEND_MM_HEAP_PROTECTION`
`2769`	`2768`	`AG(use_input_zone)++;`
`2770`	`2769`	`AG(mm_heap)->zone_free_slot = ZEND_MM_ZONE_FREE_SLOT(AG(mm_heap), ZEND_MM_ZONE_INPUT);`
`2771`	`2770`	`#endif`
`2772`	`2771`	`}`
`2773`	`2772`
`2774`	`2773`	`ZEND_API void zend_mm_input_end(void)`
`2775`	`2774`	`{`
`2776`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2775`	`+#if ZEND_MM_HEAP_PROTECTION`
`2777`	`2776`	`AG(use_input_zone)--;`
`2778`	`2777`	`if (!AG(use_input_zone)) {`
`2779`	`2778`	`AG(mm_heap)->zone_free_slot = ZEND_MM_ZONE_FREE_SLOT(AG(mm_heap), ZEND_MM_ZONE_DEFAULT);`
`@@ -2783,7 +2782,7 @@ ZEND_API void zend_mm_input_end(void)`
`2783`	`2782`
`2784`	`2783`	`ZEND_API bool zend_mm_check_in_input(void)`
`2785`	`2784`	`{`
`2786`		`-#if ZEND_MM_HEAP_SPRAYING_PROTECTION`
	`2785`	`+#if ZEND_MM_HEAP_PROTECTION`
`2787`	`2786`	`return AG(use_input_zone);`
`2788`	`2787`	`#else`
`2789`	`2788`	`return true;`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit af330b3

File tree

1 file changed

1 file changed

`‎Zend/zend_alloc.c‎`

0 commit comments