From 519920b2839b532748f0f0985b8c3dd178bdf49b Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 11 Apr 2024 17:02:06 +0200
Subject: [PATCH] Add two checks for zend_mm_heap's integrity
---
 Zend/zend_alloc.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index 09d161e62c16d..f92458328de9b 100644
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -1065,6 +1065,9 @@ static void *zend_mm_alloc_pages(zend_mm_heap *heap, uint32_t pages_count ZEND_F
 found:
 if (steps > 2 && pages_count < 8) {
+ ZEND_MM_CHECK(chunk->next->prev == chunk, "zend_mm_heap corrupted");
+ ZEND_MM_CHECK(chunk->prev->next == chunk, "zend_mm_heap corrupted");
+
 /* move chunk into the head of the linked-list */
 chunk->prev->next = chunk->next;
 chunk->next->prev = chunk->prev;
@@ -1116,6 +1119,9 @@ static zend_never_inline void *zend_mm_alloc_large(zend_mm_heap *heap, size_t si
 static zend_always_inline void zend_mm_delete_chunk(zend_mm_heap *heap, zend_mm_chunk *chunk)
 {
+ ZEND_MM_CHECK(chunk->next->prev == chunk, "zend_mm_heap corrupted");
+ ZEND_MM_CHECK(chunk->prev->next == chunk, "zend_mm_heap corrupted");
+
 chunk->next->prev = chunk->prev;
 chunk->prev->next = chunk->next;
 heap->chunks_count--;
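Review bot: The two new ZEND_MM_CHECK lines, in both the zend_mm_alloc_pages hunk and the zend_mm_delete_chunk hunk, carry no comment saying which invariant they protect, and a reader of this allocation path will wonder why a doubly-linked-list unlink now costs two extra loads and compares. They are a safe-unlinking guard: a chunk is only unlinked when both neighbours still point back at it, so an overwritten next/prev pair is turned into a fail-stop (presumably zend_mm_panic, via ZEND_MM_CHECK) instead of a silent write through a corrupted pointer; I would add `/* safe-unlinking: both neighbours must point back at chunk before it is unlinked */` above the first check in each function. Worth stating in that comment as well is that the checks themselves dereference chunk->next and chunk->prev, so a wildly corrupted pointer faults inside the check rather than reaching the panic — still a fail-stop, but a maintainer should not "fix" the check by reordering it. In zend_mm_alloc_pages the guard only covers the move-to-head path under `if (steps > 2 && pages_count < 8)`, which is the only unlink visible in the hunk; both enclosing function bodies continue outside the hunks, including the relinking at the list head that follows the unlink.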