Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:37280 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 73918 invoked from network); 29 Apr 2008 03:00:29 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 Apr 2008 03:00:29 -0000 Authentication-Results: pb1.pair.com header.from=greg@chiaraquartet.net; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=greg@chiaraquartet.net; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain chiaraquartet.net from 38.99.98.18 cause and error) X-PHP-List-Original-Sender: greg@chiaraquartet.net X-Host-Fingerprint: 38.99.98.18 beast.bluga.net Linux 2.6 Received: from [38.99.98.18] ([38.99.98.18:51865] helo=mail.bluga.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 95/C0-04029-B4F86184 for ; Mon, 28 Apr 2008 23:00:28 -0400 Received: from mail.bluga.net (localhost.localdomain [127.0.0.1]) by mail.bluga.net (Postfix) with ESMTP id D2558C111A8 for ; Mon, 28 Apr 2008 20:00:24 -0700 (MST) Received: from [192.168.0.106] (CPE-76-84-4-101.neb.res.rr.com [76.84.4.101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.bluga.net (Postfix) with ESMTP id 3BDA9C111A7 for ; Mon, 28 Apr 2008 20:00:23 -0700 (MST) Message-ID: <48168FAD.7030207@chiaraquartet.net> Date: Mon, 28 Apr 2008 22:02:05 -0500 User-Agent: Thunderbird 2.0.0.12 (X11/20080227) MIME-Version: 1.0 To: internals Mailing List X-Enigmail-Version: 0.95.0 Content-Type: multipart/mixed; boundary="------------030208060609000400080307" X-Virus-Scanned: ClamAV using ClamSMTP Subject: [PATCH] major bug in mmap of lexer From: greg@chiaraquartet.net (Gregory Beaver) --------------030208060609000400080307 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi, Today while testing phar with phpMyAdmin, I was getting a really weird error - one of the files was turning into a series of Z's, munging the entire display. Thinking it was a phar issue, I instead tracked it down to a major problem in an edge case of zend_stream_fixup(). For files that are about 4085 bytes long, the buffer containing them was being erealloc()ed without re-assigning the new value to the zend_file_handle, resulting in efreed() value filled with Z's if --enable-debug was in the configure line (whew). A simple order change of assignment solves this one. The attached patches against 5_3 and HEAD fixes this and saves the day for pharred phpMyAdmin. Greg --------------030208060609000400080307 Content-Type: text/plain; name="fix_lex.patch.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="fix_lex.patch.txt" Index: Zend/zend_stream.c =================================================================== RCS file: /repository/ZendEngine2/zend_stream.c,v retrieving revision 1.13.2.1.2.1.2.4 diff -u -r1.13.2.1.2.1.2.4 zend_stream.c --- Zend/zend_stream.c 4 Apr 2008 15:34:39 -0000 1.13.2.1.2.1.2.4 +++ Zend/zend_stream.c 29 Apr 2008 02:53:09 -0000 @@ -231,11 +231,11 @@ } } file_handle->handle.stream.mmap.map = 0; - file_handle->handle.stream.mmap.buf = *buf; file_handle->handle.stream.mmap.len = size; if (size && remain < ZEND_MMAP_AHEAD) { *buf = safe_erealloc(*buf, size, 1, ZEND_MMAP_AHEAD); } + file_handle->handle.stream.mmap.buf = *buf; } if (file_handle->handle.stream.mmap.len == 0) { --------------030208060609000400080307 Content-Type: text/plain; name="fix_lex_HEAD.patch.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="fix_lex_HEAD.patch.txt" Index: Zend/zend_stream.c =================================================================== RCS file: /repository/ZendEngine2/zend_stream.c,v retrieving revision 1.20 diff -u -r1.20 zend_stream.c --- Zend/zend_stream.c 4 Apr 2008 15:35:37 -0000 1.20 +++ Zend/zend_stream.c 29 Apr 2008 02:59:13 -0000 @@ -236,11 +236,11 @@ } } file_handle->handle.stream.mmap.map = 0; - file_handle->handle.stream.mmap.buf = *buf; file_handle->handle.stream.mmap.len = size; if (size && remain < ZEND_MMAP_AHEAD) { *buf = safe_erealloc(*buf, size, 1, ZEND_MMAP_AHEAD); } + file_handle->handle.stream.mmap.buf = *buf; } if (file_handle->handle.stream.mmap.len == 0) { --------------030208060609000400080307--