Skip to content

Commit ec3d440

Browse files
bukkabukka
committed
Merge branch 'PHP-7.4' into PHP-8.0
2 parents 64fde17 + b2cf9b7 commit ec3d440

File tree

3 files changed

+58
-1
lines changed

3 files changed

+58
-1
lines changed

NEWS

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@ PHP NEWS
88
. Fixed bug #81591 (Fatal Error not properly logged in particular cases).
99
(Nikita)
1010

11+
- FPM:
12+
. Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
13+
(Jakub Zelenka)
14+
1115
- GD:
1216
. Fixed bug #71316 (libpng warning from imagecreatefromstring). (cmb)
1317

sapi/fpm/fpm/zlog.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -414,7 +414,8 @@ static inline ssize_t zlog_stream_unbuffered_write(
414414
static inline ssize_t zlog_stream_buf_copy_cstr(
415415
struct zlog_stream *stream, const char *str, size_t str_len) /* {{{ */
416416
{
417-
if (stream->buf.size - stream->len <= str_len && !zlog_stream_buf_alloc_ex(stream, str_len)) {
417+
if (stream->buf.size - stream->len <= str_len &&
418+
!zlog_stream_buf_alloc_ex(stream, str_len + stream->len)) {
418419
return -1;
419420
}
420421

sapi/fpm/tests/log-bwp-realloc-buffer.phpt

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
--TEST--
2+
FPM: bug81513 - Buffered worker output plain log stream reallocation
3+
--SKIPIF--
4+
<?php include "skipif.inc"; ?>
5+
--FILE--
6+
<?php
7+
8+
require_once "tester.inc";
9+
10+
$cfg = <<<EOT
11+
[global]
12+
error_log = {{FILE:LOG}}
13+
[unconfined]
14+
listen = {{ADDR}}
15+
pm = dynamic
16+
pm.max_children = 5
17+
pm.start_servers = 1
18+
pm.min_spare_servers = 1
19+
pm.max_spare_servers = 3
20+
catch_workers_output = yes
21+
decorate_workers_output = no
22+
EOT;
23+
24+
$code = <<<EOT
25+
<?php
26+
file_put_contents('php://stderr', str_repeat('a', 100));
27+
usleep(20000);
28+
file_put_contents('php://stderr', str_repeat('b', 2500) . "\n");
29+
EOT;
30+
31+
$tester = new FPM\Tester($cfg, $code);
32+
$tester->start();
33+
$tester->expectLogStartNotices();
34+
$tester->request()->expectEmptyBody();
35+
$tester->terminate();
36+
var_dump($tester->getLastLogLine() === str_repeat('a', 100) . str_repeat('b', 923) . "\n");
37+
var_dump($tester->getLastLogLine() === str_repeat('b', 1023) . "\n");
38+
var_dump($tester->getLastLogLine() === str_repeat('b', 554) . "\n");
39+
$tester->close();
40+
41+
?>
42+
Done
43+
--EXPECT--
44+
bool(true)
45+
bool(true)
46+
bool(true)
47+
Done
48+
--CLEAN--
49+
<?php
50+
require_once "tester.inc";
51+
FPM\Tester::clean();
52+
?>

0 commit comments

Comments
 (0)