Commit d91c592

Disable ZEND_MM_CUSTOM by default.
PHP's heap implementation is the one that virtually everybody uses: it's fast, it's there by default, it works, ... The only major user I've found of a custom heap implementation [is phpdbg](https://github.com/rogercaetanos/php-src/blob/e39db5773d9443e2cfee92bc31651848c044c325/sapi/phpdbg/phpdbg.c#L968-L999) but it looks dispensable at best. Some other debuggers and profilers might use it, and that's alright, but I don't think that this feature should be enabled by default. Disabling ZEND_MM_CUSTOM will allow saving a couple of bytes (yay), but the main goal is to close a low-hanging exploitation vector: as [presented at OffensiveCon 2024](https://youtu.be/dqKFHjcK9hM?t=1622), having trivially callable writeable function pointers at the top of the heap makes it straightforward to turn a limited write into arbitrary code execution.
1 parent 37488d6 commit d91c592

1 file changed: +1 -1 lines changed

‎Zend/zend_alloc.c‎

Lines changed: 1 addition & 1 deletion
@@ -136,7 +136,7 @@ static size_t _real_page_size = ZEND_MM_PAGE_SIZE;
136136
# define ZEND_MM_LIMIT 1 /* support for user-defined memory limit */
137137
#endif
138138
#ifndef ZEND_MM_CUSTOM
139-
# define ZEND_MM_CUSTOM 1 /* support for custom memory allocator */
139+
# define ZEND_MM_CUSTOM 0 /* support for custom memory allocator */
140140
/* USE_ZEND_ALLOC=0 may switch to system malloc() */
141141
#endif
142142
#ifndef ZEND_MM_STORAGE
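
Review bot: The comment kept directly under the changed define at line 139, `/* USE_ZEND_ALLOC=0 may switch to system malloc() */`, is now misleading: it sits inside the `ZEND_MM_CUSTOM` block and describes behaviour that a default build no longer has once the value is 0. Please reword it to say that the switch is only available when the build sets `ZEND_MM_CUSTOM` to 1, and state next to the define that the surrounding `#ifndef ZEND_MM_CUSTOM` guard is the supported way to opt back in. The commit touches only Zend/zend_alloc.c, so the debuggers and profilers the message mentions get no notice of the new default; a short upgrade note for extension and tool authors would cover that.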
