Fix potential memory issue with USE_ZEND_ALLOC=0 #2120
Conversation
The PHP core and extensions are written with the assumption that memory allocation either succeeds, or the allocator bails out (i.e. the allocator is infallible). Therefore the results of emalloc() and friends are not checked for NULL values. However, with USE_ZEND_ALLOC=0, malloc() and friends are used as allocators, but these are fallible, i.e. they return NULL instead of bailing out if they fail. This easily leads to invalid memory accesses in the following, such as in <https://bugs.php.net/73032>. Some of these cases may constitute exploitable vulnerabilities. Therefore we make the infallible __zend_alloc() and friends the default for USE_ZEND_ALLOC=0.
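The difference between the two allocator conventions, as an added illustration in C that is not code from php-src: a fallible raw allocator standing in for malloc(), with a constructed switch that forces the next request to fail, and an infallible wrapper following the same pattern as the __zend_alloc() functions mentioned above (check for NULL, bail out, never return NULL to the caller). All names here (raw_malloc, infallible_malloc, out_of_memory, dup_string) are hypothetical. The bail-out is modelled with longjmp so the example can observe that control never reaches the unchecked caller; a real allocator would terminate the process instead.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed fallible allocator (stands in for malloc()). The switch lets
 * the example force one failure without actually exhausting memory.
 */
static int force_next_failure = 0;

static void *raw_malloc(size_t size)
{
    if (force_next_failure) {
        force_next_failure = 0;
        return NULL;            /* what malloc() does when it fails */
    }
    return malloc(size);
}

/*
 * Bail-out path of the infallible allocator. A production allocator would
 * terminate here; this example jumps to a recovery point instead so the
 * behaviour can be checked from a test.
 */
static jmp_buf oom_recovery;
static int oom_bailouts = 0;

static void out_of_memory(size_t size)
{
    oom_bailouts++;
    fprintf(stderr, "Out of memory (tried to allocate %zu bytes)\n", size);
    longjmp(oom_recovery, 1);
}

/* Infallible wrapper: callers may rely on a non-NULL result. */
static void *infallible_malloc(size_t size)
{
    void *p = raw_malloc(size);
    if (p == NULL) {
        out_of_memory(size);    /* does not return */
    }
    return p;
}

/*
 * Caller written the way the PR description says PHP core is written: the
 * result is used without a NULL check. Handed a fallible allocator that
 * fails, the memcpy() below would write through a NULL pointer.
 */
static char *dup_string(const char *src, void *(*alloc)(size_t))
{
    size_t len = strlen(src) + 1;
    char *dst = alloc(len);
    memcpy(dst, src, len);
    return dst;
}

/* Hazard: the fallible allocator hands NULL to an unchecked caller.
 * Returns 1 if NULL came back (we stop before dereferencing it). */
static int fallible_path_returns_null(void)
{
    force_next_failure = 1;
    void *p = raw_malloc(16);
    return p == NULL;           /* dup_string() would now memcpy() into NULL */
}

/* Fix: the infallible allocator bails out before the caller can use the
 * result. Returns 1 if exactly one bail-out happened and the statement
 * after the allocation was never executed. */
static int infallible_path_bails_out(void)
{
    volatile int reached_caller_after_alloc = 0;
    int bailouts_before = oom_bailouts;

    force_next_failure = 1;
    if (setjmp(oom_recovery) == 0) {
        char *s = dup_string("hello", infallible_malloc);
        reached_caller_after_alloc = 1;   /* not reached on failure */
        free(s);
    }
    return oom_bailouts == bailouts_before + 1 && !reached_caller_after_alloc;
}

/* Normal case: when memory is available both conventions behave the same. */
static int normal_path_ok(void)
{
    char *s = dup_string("hello", infallible_malloc);
    int ok = s != NULL && strcmp(s, "hello") == 0;
    free(s);
    return ok;
}

int main(void)
{
    printf("fallible allocator returns NULL: %d\n", fallible_path_returns_null());
    printf("infallible allocator bails out:  %d\n", infallible_path_bails_out());
    printf("normal allocation succeeds:      %d\n", normal_path_ok());
    return 0;
}
```

The point for reviewers is in dup_string(): code that was written against an infallible allocator stays correct only as long as every allocator it can be wired to keeps that contract, which is why the PR moves the NULL check into the allocator rather than into thousands of call sites.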
Looks reasonable. The only downside is that we waste one stack frame in valgrind :)
Note that I consider the current behavior a serious bug, unless it would be documented that fallible memory managers must not be used for production environments. But even in this case, we probably can avoid a lot of (security) bug reports (such as https://bugs.php.net/73032) by simply using an infallible memory allocator. Furthermore, the PHP manual should make it clear that custom memory managers are also supposed to be infallible.
--num-callers to the rescue. :-)
The failing Travis check is unrelated to this PR. |
cc @dstogov
Looks fine. BTW USE_ZEND_ALLOC=0 was introduced (and should be used) for debugging memory problems only.
I'll adjust the documentation accordingly. Nonetheless, I consider the current behavior to be a bug, and therefore have targeted the PR to PHP 5.6. If there are no objections, I'm going to merge in a week.
See <php/php-src#2120 (comment)>. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@340021 c90b9560-bf6c-de11-be94-00142212c4b1
See <php/php-src#2120 (comment)>. git-svn-id: http://svn.php.net/repository/phpdoc/en@340021 c90b9560-bf6c-de11-be94-00142212c4b1
The PHP core and extensions are written with the assumption that memory
allocation either succeeds, or the allocator bails out (i.e. the allocator
is infallible). Therefore the results of emalloc() and friends are not checked
for NULL values.
However, with USE_ZEND_ALLOC=0, malloc() and friends are used as allocators,
but these are fallible, i.e. they return NULL instead of bailing out if they
fail. This easily leads to invalid memory accesses in the following, such as
in https://bugs.php.net/73032. Some of these cases may constitute
exploitable vulnerabilities.
Therefore we make the infallible __zend_alloc() and friends the default for
USE_ZEND_ALLOC=0.