- up to 5.3.19

[packages/php.git] / suhosin.patch

diff -Naurp php-5.3.6RC1/configure php-5.3.6RC1.oden/configure
--- php-5.3.6RC1/configure	2011-02-16 21:30:40.000000000 +0100
+++ php-5.3.6RC1.oden/configure	2011-02-20 11:50:19.294835319 +0100
@@ -18979,6 +18979,9 @@ EOF
 
 fi
 
+cat >> confdefs.h <<\EOF
+#define SUHOSIN_PATCH 1
+EOF
 
   echo $ac_n "checking for declared timezone""... $ac_c" 1>&6
 echo "configure:18985: checking for declared timezone" >&5
@@ -115340,7 +115343,7 @@ EOF
        php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
        strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
        network.c php_open_temporary_file.c php_logos.c \
-       output.c getopt.c; do
+       output.c getopt.c suhosin_patch.c ; do
   
       IFS=.
       set $ac_src
@@ -115544,7 +115547,7 @@ esac
     zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \
     zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \
     zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_gc.c \
-    zend_closures.c zend_float.c; do
+    zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c ; do
   
       IFS=.
       set $ac_src
diff -Naurp php-5.3.6RC1/configure.in php-5.3.6RC1.oden/configure.in
--- php-5.3.6RC1/configure.in	2011-02-20 11:45:04.157489906 +0100
+++ php-5.3.6RC1.oden/configure.in	2011-02-20 11:50:19.295835459 +0100
@@ -286,6 +286,7 @@ sinclude(Zend/Zend.m4)
 sinclude(TSRM/threads.m4)
 sinclude(TSRM/tsrm.m4)
 
+sinclude(main/suhosin_patch.m4)
 
 divert(2)
 
@@ -1393,7 +1394,7 @@ PHP_ADD_SOURCES(main, main.c snprintf.c
        php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
        strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
        network.c php_open_temporary_file.c php_logos.c \
-       output.c getopt.c)
+       output.c getopt.c suhosin_patch.c )
 
 PHP_ADD_SOURCES(main/streams, streams.c cast.c memory.c filter.c \
        plain_wrapper.c userspace.c transports.c xp_socket.c mmap.c \
@@ -1421,7 +1422,7 @@ PHP_ADD_SOURCES(Zend, \
     zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \
     zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \
     zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_gc.c \
-    zend_closures.c zend_float.c)
+    zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c )
 
 if test -r "$abs_srcdir/Zend/zend_objects.c"; then
   PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c)
diff -Naurp php-5.3.6RC1/ext/standard/dl.c php-5.3.6RC1.oden/ext/standard/dl.c
--- php-5.3.6RC1/ext/standard/dl.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/ext/standard/dl.c	2011-02-20 11:50:19.296835599 +0100
@@ -254,6 +254,23 @@ PHPAPI int php_load_extension(char *file
 			return FAILURE;
 		}
 	}
+
+#if SUHOSIN_PATCH
+	if (strncmp("suhosin", module_entry->name, sizeof("suhosin")-1) == 0) {
+		void *log_func;
+		/* sucessfully loaded suhosin extension, now check for logging function replacement */
+		log_func = (void *) DL_FETCH_SYMBOL(handle, "suhosin_log");
+		if (log_func == NULL) {
+			log_func = (void *) DL_FETCH_SYMBOL(handle, "_suhosin_log");
+		}
+		if (log_func != NULL) {
+			zend_suhosin_log = log_func;
+		} else {
+                        zend_suhosin_log(S_MISC, "could not replace logging function");
+		}
+	}
+#endif	
+
 	return SUCCESS;
 }
 /* }}} */
diff -Naurp php-5.3.6RC1/ext/standard/info.c php-5.3.6RC1.oden/ext/standard/info.c
--- php-5.3.6RC1/ext/standard/info.c	2011-02-20 11:45:04.155489624 +0100
+++ php-5.3.6RC1.oden/ext/standard/info.c	2011-02-20 11:50:19.297835740 +0100
@@ -885,6 +885,33 @@ PHPAPI void php_print_info(int flag TSRM
 		
 		php_info_print_table_end();
 
+		/* Suhosin Patch */
+		php_info_print_box_start(0);
+		if (expose_php && !sapi_module.phpinfo_as_text) {
+			PUTS("<a href=\"http://www.suhosin.org\"><img border=\"0\" src=\"");
+			if (SG(request_info).request_uri) {
+				char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
+				PUTS(elem_esc);
+				efree(elem_esc);
+			}
+			PUTS("?="SUHOSIN_LOGO_GUID"\" alt=\"Suhosin logo\" /></a>\n");
+		}
+		PUTS("This server is protected with the Suhosin Patch ");
+		if (sapi_module.phpinfo_as_text) {
+			PUTS(SUHOSIN_PATCH_VERSION);
+		} else {
+			zend_html_puts(SUHOSIN_PATCH_VERSION, strlen(SUHOSIN_PATCH_VERSION) TSRMLS_CC);
+		}
+		PUTS(!sapi_module.phpinfo_as_text?"<br />":"\n");
+		if (sapi_module.phpinfo_as_text) {
+			PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n");
+			PUTS("Copyright (c) 2007-2009 SektionEins GmbH\n");
+		} else {
+			PUTS("Copyright (c) 2006-2007 <a href=\"http://www.hardened-php.net/\">Hardened-PHP Project</a>\n");
+			PUTS("Copyright (c) 2007-2009 <a href=\"http://www.sektioneins.de/\">SektionEins GmbH</a>\n");
+		}
+		php_info_print_box_end();
+
 		/* Zend Engine */
 		php_info_print_box_start(0);
 		if (expose_php && !sapi_module.phpinfo_as_text) {
diff -Naurp php-5.3.6RC1/ext/standard/syslog.c php-5.3.6RC1.oden/ext/standard/syslog.c
--- php-5.3.6RC1/ext/standard/syslog.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/ext/standard/syslog.c	2011-02-20 11:50:19.299836022 +0100
@@ -42,6 +42,7 @@ static void start_syslog(TSRMLS_D);
  */
 PHP_MINIT_FUNCTION(syslog)
 {
+#if !SUHOSIN_PATCH
 	/* error levels */
 	REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
 	REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
@@ -97,6 +98,7 @@ PHP_MINIT_FUNCTION(syslog)
 	/* AIX doesn't have LOG_PERROR */
 	REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
 #endif
+#endif
 	BG(syslog_device)=NULL;
 
 	return SUCCESS;
diff -Naurp php-5.3.6RC1/main/fopen_wrappers.c php-5.3.6RC1.oden/main/fopen_wrappers.c
--- php-5.3.6RC1/main/fopen_wrappers.c	2011-01-18 23:20:09.000000000 +0100
+++ php-5.3.6RC1.oden/main/fopen_wrappers.c	2011-02-20 11:50:19.299836022 +0100
@@ -85,13 +85,8 @@ or a tightening during activation/runtim
 PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
 {
 	char **p, *pathbuf, *ptr, *end;
-#ifndef ZTS
-	char *base = (char *) mh_arg2;
-#else
-	char *base = (char *) ts_resource(*((int *) mh_arg2));
-#endif
 
-	p = (char **) (base + (size_t) mh_arg1);
+	p = &PG(open_basedir);
 
 	if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) {
 		/* We're in a PHP_INI_SYSTEM context, no restrictions */
diff -Naurp php-5.3.6RC1/main/main.c php-5.3.6RC1.oden/main/main.c
--- php-5.3.6RC1/main/main.c	2011-02-08 22:40:51.000000000 +0100
+++ php-5.3.6RC1.oden/main/main.c	2011-02-20 11:50:19.301836304 +0100
@@ -90,6 +90,9 @@
 
 #include "SAPI.h"
 #include "rfc1867.h"
+#if SUHOSIN_PATCH
+#include "suhosin_globals.h"
+#endif
 
 #if HAVE_SYS_MMAN_H
 # include <sys/mman.h>
@@ -490,7 +493,7 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("extension_dir",			PHP_EXTENSION_DIR,		PHP_INI_SYSTEM,		OnUpdateStringUnempty,	extension_dir,			php_core_globals,	core_globals)
 	STD_PHP_INI_ENTRY("include_path",			PHP_INCLUDE_PATH,		PHP_INI_ALL,		OnUpdateStringUnempty,	include_path,			php_core_globals,	core_globals)
 	PHP_INI_ENTRY("max_execution_time",			"30",		PHP_INI_ALL,			OnUpdateTimeout)
-	STD_PHP_INI_ENTRY("open_basedir",			NULL,		PHP_INI_ALL,		OnUpdateBaseDir,			open_basedir,			php_core_globals,	core_globals)
+	PHP_INI_ENTRY("open_basedir",			NULL,		PHP_INI_ALL,		OnUpdateBaseDir)
 	STD_PHP_INI_ENTRY("safe_mode_exec_dir",		PHP_SAFE_MODE_EXEC_DIR,	PHP_INI_SYSTEM,		OnUpdateString,			safe_mode_exec_dir,		php_core_globals,	core_globals)
 
 	STD_PHP_INI_BOOLEAN("file_uploads",			"1",		PHP_INI_SYSTEM,		OnUpdateBool,			file_uploads,			php_core_globals,	core_globals)
@@ -1781,6 +1784,10 @@ void dummy_invalid_parameter_handler(
 }
 #endif
 
+#if SUHOSIN_PATCH
+PHPAPI void suhosin_startup();
+#endif
+
 /* {{{ php_module_startup
  */
 int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_modules, uint num_additional_modules)
@@ -1825,6 +1832,10 @@ int php_module_startup(sapi_module_struc
 	tsrm_ls = ts_resource(0);
 #endif
 
+#if SUHOSIN_PATCH
+        suhosin_startup();
+#endif
+
 	module_shutdown = 0;
 	module_startup = 1;
 	sapi_initialize_empty_request(TSRMLS_C);
@@ -1944,7 +1955,11 @@ int php_module_startup(sapi_module_struc
 	REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS);
 	REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS);
 	REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS);
-	REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS);
+#if SUHOSIN_PATCH
+        REGISTER_MAIN_LONG_CONSTANT("SUHOSIN_PATCH", 1, CONST_PERSISTENT | CONST_CS);
+        REGISTER_MAIN_STRINGL_CONSTANT("SUHOSIN_PATCH_VERSION", SUHOSIN_PATCH_VERSION, sizeof(SUHOSIN_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS);
+#endif	
+        REGISTER_MAIN_LONG_CONSTANT("PHP_MAXPATHLEN", MAXPATHLEN, CONST_PERSISTENT | CONST_CS);
 	REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS);
 	REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS);
 #ifdef ZEND_MULTIBYTE
diff -Naurp php-5.3.6RC1/main/php_config.h.in php-5.3.6RC1.oden/main/php_config.h.in
--- php-5.3.6RC1/main/php_config.h.in	2011-02-16 21:30:44.000000000 +0100
+++ php-5.3.6RC1.oden/main/php_config.h.in	2011-02-20 11:50:19.302836444 +0100
@@ -851,6 +851,9 @@
 /* Define if the target system has /dev/urandom device */
 #undef HAVE_DEV_URANDOM
 
+/* Suhosin-Patch for PHP */
+#undef SUHOSIN_PATCH
+
 /* Whether you have AOLserver */
 #undef HAVE_AOLSERVER
 
diff -Naurp php-5.3.6RC1/main/php.h php-5.3.6RC1.oden/main/php.h
--- php-5.3.6RC1/main/php.h	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/main/php.h	2011-02-20 11:50:19.303836584 +0100
@@ -453,6 +453,10 @@ END_EXTERN_C()
 #endif
 #endif /* !XtOffsetOf */
 
+#if SUHOSIN_PATCH
+#include "suhosin_patch.h"
+#endif
+
 #endif
 
 /*
diff -Naurp php-5.3.6RC1/main/php_logos.c php-5.3.6RC1.oden/main/php_logos.c
--- php-5.3.6RC1/main/php_logos.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/main/php_logos.c	2011-02-20 11:50:19.303836584 +0100
@@ -50,6 +50,10 @@ PHPAPI int php_unregister_info_logo(char
 	return zend_hash_del(&phpinfo_logo_hash, logo_string, strlen(logo_string));
 }
 
+#if SUHOSIN_PATCH
+#include "suhosin_logo.h"
+#endif
+
 int php_init_info_logos(void)
 {
 	if(zend_hash_init(&phpinfo_logo_hash, 0, NULL, NULL, 1)==FAILURE) 
@@ -58,7 +62,9 @@ int php_init_info_logos(void)
 	php_register_info_logo(PHP_EGG_LOGO_GUID, "image/gif", php_egg_logo, sizeof(php_egg_logo));
 	php_register_info_logo(ZEND_LOGO_GUID   , "image/gif", zend_logo   , sizeof(zend_logo));
 	php_register_info_logo(PLD_LOGO_GUID    , "image/png", pld_logo    , sizeof(pld_logo));
-
+#if SUHOSIN_PATCH
+	php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo   , sizeof(suhosin_logo));
+#endif
 	return SUCCESS;
 }
 
diff -Naurp php-5.3.6RC1/main/snprintf.c php-5.3.6RC1.oden/main/snprintf.c
--- php-5.3.6RC1/main/snprintf.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/main/snprintf.c	2011-02-20 11:50:19.304836724 +0100
@@ -780,6 +780,10 @@ static int format_converter(register buf
 			 */
 			switch (*fmt) {
 				case 'Z':
+#if SUHOSIN_PATCH
+					zend_suhosin_log(S_MISC, "'Z' specifier within format string");
+					goto skip_output;
+#else
 					zvp = (zval*) va_arg(ap, zval*);
 					zend_make_printable_zval(zvp, &zcopy, &free_zcopy);
 					if (free_zcopy) {
@@ -790,6 +794,7 @@ static int format_converter(register buf
 					if (adjust_precision && precision < s_len) {
 						s_len = precision;
 					}
+#endif
 					break;
 				case 'u':
 					switch(modifier) {
@@ -1091,7 +1096,11 @@ static int format_converter(register buf
 
 
 				case 'n':
+#if SUHOSIN_PATCH
+					zend_suhosin_log(S_MISC, "'n' specifier within format string");
+#else
 					*(va_arg(ap, int *)) = cc;
+#endif
 					goto skip_output;
 
 					/*
diff -Naurp php-5.3.6RC1/main/spprintf.c php-5.3.6RC1.oden/main/spprintf.c
--- php-5.3.6RC1/main/spprintf.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/main/spprintf.c	2011-02-20 11:50:19.305836865 +0100
@@ -388,6 +388,10 @@ static void xbuf_format_converter(smart_
 			 */
 			switch (*fmt) {
 				case 'Z':
+#if SUHOSIN_PATCH
+					zend_suhosin_log(S_MISC, "'Z' specifier within format string");
+					goto skip_output;
+#else
 					zvp = (zval*) va_arg(ap, zval*);
 					zend_make_printable_zval(zvp, &zcopy, &free_zcopy);
 					if (free_zcopy) {
@@ -398,6 +402,7 @@ static void xbuf_format_converter(smart_
 					if (adjust_precision && precision < s_len) {
 						s_len = precision;
 					}
+#endif
 					break;
 				case 'u':
 					switch(modifier) {
@@ -698,7 +703,11 @@ static void xbuf_format_converter(smart_
 
 
 				case 'n':
+#if SUHOSIN_PATCH
+					zend_suhosin_log(S_MISC, "'n' specifier within format string");
+#else
 					*(va_arg(ap, int *)) = xbuf->len;
+#endif
 					goto skip_output;
 
 					/*
diff -Naurp php-5.3.6RC1/main/suhosin_globals.h php-5.3.6RC1.oden/main/suhosin_globals.h
--- php-5.3.6RC1/main/suhosin_globals.h	1970-01-01 01:00:00.000000000 +0100
+++ php-5.3.6RC1.oden/main/suhosin_globals.h	2011-02-20 11:50:19.306837006 +0100
@@ -0,0 +1,61 @@
+/*
+   +----------------------------------------------------------------------+
+   | Suhosin-Patch for PHP                                                |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2009 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <stefan.esser@sektioneins.de>                   |
+   +----------------------------------------------------------------------+
+ */
+
+#ifndef SUHOSIN_GLOBALS_H
+#define SUHOSIN_GLOBALS_H
+
+typedef struct _suhosin_patch_globals suhosin_patch_globals_struct;
+
+#ifdef ZTS
+# define SPG(v) TSRMG(suhosin_patch_globals_id, suhosin_patch_globals_struct *, v)
+extern int suhosin_patch_globals_id;
+#else
+# define SPG(v) (suhosin_patch_globals.v)
+extern struct _suhosin_patch_globals suhosin_patch_globals;
+#endif
+
+
+struct _suhosin_patch_globals {
+	/* logging */
+	int log_syslog;
+	int log_syslog_facility;
+	int log_syslog_priority;
+	int log_sapi;
+	int log_script;
+	int log_phpscript;
+	char *log_scriptname;
+	char *log_phpscriptname;
+	zend_bool log_phpscript_is_safe;
+	zend_bool log_use_x_forwarded_for;
+	
+	/* memory manager canary protection */
+	unsigned int canary_1;
+	unsigned int canary_2;
+	unsigned int canary_3;
+	unsigned int dummy;
+};
+
+
+#endif /* SUHOSIN_GLOBALS_H */
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ */
diff -Naurp php-5.3.6RC1/main/suhosin_logo.h php-5.3.6RC1.oden/main/suhosin_logo.h
--- php-5.3.6RC1/main/suhosin_logo.h	1970-01-01 01:00:00.000000000 +0100
+++ php-5.3.6RC1.oden/main/suhosin_logo.h	2011-02-20 11:50:19.306837006 +0100
@@ -0,0 +1,178 @@
+static unsigned char suhosin_logo[] =
+	"\xff\xd8\xff\xe0\x00\x10\x4a\x46\x49\x46\x00\x01\x01\x01\x00\x48"
+	"\x00\x48\x00\x00\xff\xe1\x00\x16\x45\x78\x69\x66\x00\x00\x4d\x4d"
+	"\x00\x2a\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\xff\xdb\x00\x43"
+	"\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+	"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+	"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+	"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+	"\x01\xff\xc0\x00\x0b\x08\x00\x27\x00\x71\x01\x01\x22\x00\xff\xc4"
+	"\x00\x1e\x00\x00\x02\x02\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x09\x06\x08\x05\x07\x02\x03\x0a\x01\x04\xff\xc4"
+	"\x00\x32\x10\x00\x01\x04\x03\x00\x02\x00\x05\x01\x05\x09\x01\x00"
+	"\x00\x00\x00\x05\x02\x03\x04\x06\x01\x07\x08\x00\x09\x11\x12\x13"
+	"\x14\x21\x15\x0a\x16\x31\x56\x96\x17\x18\x19\x23\x32\x41\x58\x98"
+	"\xd4\xd6\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xf4\xc1\xe1\xe5"
+	"\x69\xe9\x3e\xb9\xd1\x7c\x8a\x2e\x9d\x66\xe8\x3b\x29\x4d\x7f\x46"
+	"\xba\x58\x55\x54\x8d\xb1\x5f\xaa\xd9\x8d\x51\x2b\xb6\x27\x5a\x69"
+	"\xd1\x43\xaf\x16\x1a\xf0\xb2\xb1\xe9\x6d\x9f\xc2\xa4\x36\x18\xb5"
+	"\x85\x10\x41\xbe\xfc\x09\xac\x49\x29\x11\xd4\x32\x97\xec\x08\x13"
+	"\xc1\x2d\x20\xc3\x59\xeb\x26\x05\xd8\x6b\x76\x31\x43\x8f\x57\xcf"
+	"\x84\x9f\x14\xa8\x53\x81\x0b\xc3\x64\x80\xa3\x02\x0a\x41\x75\xf8"
+	"\x44\x85\x93\x81\x22\x3c\xd8\x13\xe1\xbe\xf4\x59\x91\x1f\x6a\x44"
+	"\x77\x5c\x69\xc4\x2f\x39\x5f\x0f\x2a\x8d\xeb\xba\xf8\xc3\x56\x6c"
+	"\x3b\x36\xa7\xda\xbd\x4d\xa1\xb5\x4e\xc6\xa7\xa4\x3a\xec\x15\x2d"
+	"\xa5\xb3\xea\x5a\xdc\xac\x46\xac\x01\x60\xd8\x43\xc8\x8e\x8b\xb1"
+	"\x40\x4c\x95\x8b\x34\x41\x28\x52\x91\x28\x43\xd3\xa3\xb6\xa7\x55"
+	"\x15\xe7\x5a\x96\xcb\xf1\xda\xe5\x55\xee\xfe\x1e\xbd\xd9\x41\xd3"
+	"\x28\xfd\x97\xca\x57\x2b\x85\x9c\xa4\x30\x95\xaa\xa5\x57\xa2\x35"
+	"\x15\x86\xcb\x61\x34\x41\xe4\xc7\x80\x20\x18\x21\x17\x09\x85\x0b"
+	"\x14\x9d\x21\x68\x62\x1c\x08\x11\x64\x4b\x92\xf2\xd2\xd3\x2d\x2d"
+	"\x6a\xc2\x73\x6b\x3c\x3c\x8b\x9e\xbc\x52\xaa\xa4\xab\x81\x6c\xf6"
+	"\xfa\xbd\x70\xc5\xc6\x7b\xc2\xaa\x22\x4f\x58\x04\x87\x25\x6a\x27"
+	"\x1d\xa4\x3d\x20\x75\x72\x01\x09\x71\xe5\x1c\x9e\xc3\x2e\x36\xf3"
+	"\xd0\xc6\x35\x2a\x43\x4d\x2d\x0e\x2d\xb4\xa1\x49\xce\x65\x1e\x52"
+	"\x9e\xa1\xf6\x09\xcc\xdc\x63\x66\xa8\x01\xe9\x3b\x0d\xd7\x5a\x85"
+	"\xbb\xc5\x65\xc0\x7b\x2e\x46\xa9\xd9\x56\x1d\x4c\x92\x72\x26\x4e"
+	"\x86\xd5\x68\xae\xc4\xaa\x55\xce\xd7\x83\x59\xb3\x81\xee\xce\x74"
+	"\x39\x39\x31\x9f\x8a\x25\xe8\xa5\xa5\xe5\x81\xf2\x11\x23\xcb\xa1"
+	"\x1e\x43\x12\xe3\xb1\x2a\x2b\xcd\xc8\x8d\x25\x96\xa4\x47\x7d\x95"
+	"\xa5\xc6\x9f\x61\xe4\x25\xc6\x5e\x69\xc4\xe7\x29\x5b\x6e\xb6\xa4"
+	"\xad\x0b\x4e\x72\x95\x25\x58\x56\x33\x9c\x67\xce\xef\x0f\x17\xbf"
+	"\x4c\x7b\x2d\xe6\xfe\x76\x35\x27\x5a\x07\x97\x67\xe8\xae\x8d\x71"
+	"\x0f\xb2\x13\x99\xb9\xbc\x14\xad\xb3\xb7\xe6\x11\x6f\xe0\xda\x58"
+	"\xb1\x08\xac\xa6\x6c\x2d\x7f\x05\xb7\x56\xd2\xe6\xcf\xbb\x4d\x0c"
+	"\xe3\x50\xb2\xec\x91\xf0\x4a\xb8\xd6\x22\xb8\xa7\xf6\x67\xaf\xcf"
+	"\x63\x7e\xd7\xe7\x42\xd8\xbd\xc3\x71\xa1\xf2\x7e\x9b\xa8\x97\x83"
+	"\x6e\xd1\xdc\x4b\x06\x11\x2d\xae\x26\x61\x98\x72\x10\xf4\x42\x5d"
+	"\x20\x4a\xa3\x73\xd7\xf2\xcd\x3c\x48\x32\xe4\x03\x9f\x80\x37\x08"
+	"\x36\x11\xd0\xcb\x97\x6c\x08\xed\x6d\x33\x24\xa2\x1b\xb4\x77\xdf"
+	"\x61\x5d\x5f\xc1\x43\xc2\x82\xeb\x0f\x5d\x84\x08\x68\xaa\xa4\x01"
+	"\xe1\x19\xdf\xbc\x31\x65\xfe\xd1\xf5\x7d\x7a\xb2\x2a\x33\x50\x21"
+	"\x2a\x56\x9d\xb1\x81\xab\xdb\x35\x78\x30\x83\xd9\x89\x1d\x31\xac"
+	"\x96\x14\x07\x61\xbc\x20\x68\x42\x85\x33\x19\xac\xbe\xdb\x34\x56"
+	"\xf1\xd5\xfd\x29\xa9\x28\xdb\xcb\x4c\x5a\x23\xdc\xf5\x96\xc5\x10"
+	"\xa3\x35\x5b\x14\x68\xd3\x61\x62\x64\x76\x26\xcb\x17\x3e\x34\x98"
+	"\x04\xa3\xc4\x20\x38\x90\x92\xe3\xc8\x07\x2c\x36\x74\x66\x26\x0e"
+	"\x29\x02\x64\x29\x2d\x21\xe6\x16\x9c\x6b\xce\xa3\x89\xd9\x4f\xd3"
+	"\xc4\xbd\xc5\x87\x79\x9c\x65\xf6\x39\x45\x60\xe8\xce\x9e\xab\x6d"
+	"\x13\x15\x22\xe1\x5e\x4b\x38\x42\xc4\x1e\xd5\x76\xe0\xc5\xeb\x85"
+	"\x07\x2d\x0f\xb8\xb6\xa6\xd6\x6d\x71\x0d\xa2\x43\x4c\x25\xea\xfa"
+	"\xa1\xae\x4c\xe4\x7d\xbd\x76\xa9\xfb\x06\xc2\x83\x42\xeb\xad\xe7"
+	"\xe9\x5f\x68\x6f\xba\xfb\x2f\x07\xce\xb8\x13\xc1\x9b\xeb\xb0\x76"
+	"\x45\x57\x28\x7b\xea\xbe\x0f\xf4\x30\x7b\xa0\xed\xe4\x22\x93\x21"
+	"\xfc\xbc\xe0\xb9\x75\xc1\x4f\xfc\xef\xb6\xfa\xa1\xfc\x64\xa1\x4a"
+	"\x82\xc7\x33\xad\x75\xed\x82\xbd\x3d\xdb\xf7\xa8\xbe\x5e\xbb\x36"
+	"\x62\x04\x9a\x2e\xc5\xd9\x9e\x9c\x3a\x0b\x98\x0b\x57\xac\xf1\x24"
+	"\x62\x58\x83\x15\x5b\xa6\xf2\xda\x34\x70\x03\xce\x0f\x93\x1b\x12"
+	"\xc7\xce\x54\x87\x33\x15\xd6\x53\x25\x1f\x2a\x90\x87\x12\xe3\x78"
+	"\xef\x55\x77\x4d\x4a\xd8\x7e\xef\xd2\xfd\xd1\xaf\x3a\xaf\x55\xdb"
+	"\x6a\x2d\x3d\x42\xac\x51\x79\xee\x91\xab\xe1\x05\x2d\x3c\x80\xa2"
+	"\x43\xad\x22\x2e\xd5\x33\x13\xa4\x9e\x00\xe0\x04\x10\x84\xc8\xf2"
+	"\x19\x30\x92\x1f\xaa\xc3\x28\xc9\x76\x30\x3f\xe9\x10\x61\x5e\x79"
+	"\xd5\xf7\xdf\xd0\x54\xdb\xae\xb6\xae\xfa\xe8\xa3\x57\xe0\x6c\x2d"
+	"\xf7\xbd\x49\xd6\x6e\x76\x79\xcc\x54\x0c\x5f\xff\x00\xbb\x06\x98"
+	"\xa6\x9e\x89\x61\xb4\x6f\xc3\xe3\x6a\xc2\x4f\x59\x03\xc9\x80\x2c"
+	"\x59\x24\x44\x70\x38\xd5\x96\x6a\x9e\x8b\x81\x64\xe5\xbc\xa0\x3c"
+	"\x33\xaf\x17\x9d\xff\x00\x71\x1a\xd1\x3a\x80\x66\xb3\xd9\x31\x77"
+	"\x0d\x12\xbd\xae\x29\xb5\x6a\xd6\xcf\x8d\x68\x87\x75\xcd\xe8\x65"
+	"\x5a\xbe\x3c\x04\x7b\x34\xdb\x54\x19\xa4\x63\x9c\x2a\x5d\x23\xbe"
+	"\xf4\xb1\x1c\x4d\x90\xec\x92\x2f\x49\x71\xf7\x14\xf2\x97\x9f\x15"
+	"\x57\xed\x13\x21\x2a\xf5\x33\xd1\x2a\x52\x52\xac\xb7\x62\xd1\xcb"
+	"\x46\x73\x8c\x67\x28\x56\x77\x86\xbf\x6f\x2a\x4e\x73\xfe\x95\x65"
+	"\x0b\x5a\x3e\x38\xfc\xfc\xaa\x56\x3f\x86\x73\xe3\xb9\x4a\x52\x84"
+	"\xa5\x08\x4e\x12\x94\x27\x09\x4a\x53\x8c\x61\x29\x4a\x71\xf0\x4a"
+	"\x53\x8c\x7e\x31\x8c\x63\x18\xc6\x31\x8f\xc6\x31\xf8\xc7\x9f\x7c"
+	"\xd5\xbb\xae\x5e\xe2\x1f\xab\x6e\x24\x34\x00\x8a\x25\x83\x70\x40"
+	"\x1c\xcc\xda\x45\x7f\x66\x4e\x30\x2e\x94\x7e\x74\x49\xf0\xe4\x4e"
+	"\x06\x5c\xa8\x2f\x89\x21\x2e\x98\x0e\xd9\x21\xc2\x0b\x21\x0f\xc4"
+	"\x16\x6e\x48\xd9\xe4\xe3\x4a\x19\x1e\x64\x67\x54\xff\x00\x3a\x6d"
+	"\x4f\x62\xb5\x00\x4a\xaa\x51\xfd\x2d\xe8\x0e\x6c\xaf\xc6\x7d\x6d"
+	"\xc8\x88\xc7\x67\xea\x8a\x58\x02\x73\xe3\x65\x4d\xc9\x24\xc0\x3d"
+	"\x57\xa3\x2e\x53\x16\x99\x4f\xe5\xe7\x19\x97\x3e\x3b\xcf\xc9\x4b"
+	"\x99\x7f\x33\x25\xa5\xdf\xba\x77\x2b\xd3\x3e\xc2\x7b\x8b\x94\x07"
+	"\xe9\x52\x5b\x43\x87\x34\x14\x86\x37\xcf\x41\x6b\x8e\x6a\xa5\x22"
+	"\xab\xdb\x96\xa2\xcf\x46\xd8\x9b\x45\x93\xef\xd6\xdf\x3e\x99\x9c"
+	"\x7e\x29\x10\x6b\x6c\xa2\xb8\x43\x05\x09\x44\x70\x8c\xb8\xaa\x54"
+	"\x7c\x30\x36\x5e\x1c\x5e\x5b\x9f\x6c\x0d\x81\xee\xa0\x93\x8d\x67"
+	"\x55\xf3\x87\xaf\xaa\x6b\x58\xf9\xbe\xb2\x36\x07\x42\x6e\xbd\x96"
+	"\xe3\x9f\x1f\x8f\xc9\xf4\x9d\xae\x6a\x7d\x4c\x96\xbe\x5f\xc7\xcd"
+	"\xf3\xb2\xf7\xcd\xf0\xcf\xc3\xe4\xf8\xfe\x37\x4f\x1c\x4d\xf6\x40"
+	"\xf1\x6b\x7c\x4e\xe0\xa6\x71\xad\x56\xa7\x1c\x5c\x15\x6b\xfc\xf3"
+	"\x01\x5d\xac\xf1\x75\x9a\x72\x6b\xaa\x28\xc5\x88\x6d\xfb\x33\x85"
+	"\xe0\x4e\x61\xab\xeb\x31\x2c\x71\x08\x73\x11\x3b\xfc\xb5\xc0\x96"
+	"\xcc\x87\x24\x44\xb5\x9b\x9e\xb3\x71\xba\xe9\xed\xb1\x4e\xd7\x76"
+	"\x6c\xd2\xb6\x05\xb7\x5a\xde\xeb\x34\x5b\x96\x16\xfb\x59\xa9\x5c"
+	"\x4f\x55\xca\x8a\xac\x59\xb0\xe4\x54\x39\x25\xbc\x81\x37\x2a\x09"
+	"\x5f\x9e\x3b\x6b\x7d\x1f\x69\xf3\x34\x85\x39\x84\xa7\x28\x0b\xd3"
+	"\xfd\xfb\x4b\x7a\xea\xe7\xd2\x3c\xd3\xda\x15\x68\xbc\x73\xd3\x22"
+	"\x6f\xd7\x72\x5b\x2b\x66\xee\xa8\x0d\x54\xe8\x5b\xf9\x92\x96\x92"
+	"\x93\xea\x97\x4a\xc7\x43\x10\x46\x35\xc5\xc0\x60\x8a\xe4\xc1\xb5"
+	"\x36\xc6\xae\xed\xf7\x70\xa5\x86\x99\x3d\x91\xf8\xfd\x4e\x53\xeb"
+	"\xbb\xbd\x6d\xec\x8f\xd7\x89\x3d\x31\x7f\xd7\x78\xba\x50\xbb\x74"
+	"\x9d\xf6\xac\x4e\xb9\x03\x9c\x79\xd5\xe1\xbd\x17\x68\xd9\x13\x0b"
+	"\x45\x75\x88\x00\x1d\x1f\xae\x73\x6a\x1d\x5c\x6e\x44\x9f\xa6\xfa"
+	"\x4e\xd8\x25\x8b\xc0\xbc\xb2\x99\xe3\x17\x24\xb3\x23\xe2\x48\x8b"
+	"\xfa\x22\xe7\x7e\x8f\xe6\x3f\x5f\x55\x0d\x75\xd3\x51\x0b\xd7\xed"
+	"\xd3\x6f\x97\x3b\x85\x42\x80\x7e\x5f\xdc\x1b\xd6\xba\xee\xc4\x80"
+	"\xce\x06\xa9\x15\x8c\x97\x5f\x40\x69\xb2\x4d\xc5\xb2\x5c\x1e\x01"
+	"\x87\x7e\xe0\x36\x6d\x78\x80\x4e\x3c\x02\xec\x90\x1d\x11\x81\x74"
+	"\xa5\x8b\xa4\xa0\x56\x06\xd5\x79\x72\x85\x57\x3b\xb2\x2e\xae\x90"
+	"\x18\x8d\x91\xb2\x0e\x44\x19\xaa\xb4\xcc\x08\xed\x46\xfa\xd7\x2b"
+	"\x78\x58\x72\x5d\xbb\x5e\x49\xe7\xee\xf3\x8a\x9d\x22\xa4\x19\xc8"
+	"\xe7\x08\xc3\x90\x9b\x35\x9a\xa4\x25\x8c\x4b\x9b\xa7\xf8\xbf\x81"
+	"\xf5\xdf\x22\x66\xf1\x7e\x9f\x66\x3d\xbb\xfa\x73\x73\x4d\xfd\x67"
+	"\x7b\xf4\xce\xc3\x62\x2e\x6f\xbb\x0c\xa2\xdc\x69\xfc\x8a\x17\x0e"
+	"\x3a\x9e\x83\x46\xd7\xe3\x5e\x65\x86\xc0\x51\x00\xbb\x91\xe3\xe1"
+	"\xc1\x16\xc4\xe9\x65\x5c\x14\x3e\x44\x6a\x6b\xd1\x1e\xb0\x36\xdd"
+	"\x0b\x7d\x8a\xeb\xaf\x58\x5b\x64\x3f\x38\xed\x52\x76\xe8\x46\xf7"
+	"\x86\x84\xb3\x93\xb1\x0b\xe5\xfd\xfd\x0d\xe9\x6d\xe4\xf1\x1b\x1d"
+	"\x56\xb4\x34\xe4\x6a\xf5\xa4\x9c\x2c\xc9\x64\x94\xc1\xf5\x79\x6d"
+	"\x12\x96\xf3\x47\xc5\x48\xa8\xdb\xd8\x95\x64\x29\xcf\xf6\x88\xf1"
+	"\x95\x7a\x98\xe8\xbc\x27\x19\xce\x73\x61\xd1\xb8\xc6\x31\x8c\xe7"
+	"\x39\xce\x77\x9e\xbc\xc6\x31\x8c\x63\xf3\x9c\xe7\x39\xc6\x31\x8f"
+	"\xf7\xce\x7e\x1e\x3b\x7f\x0f\x0f\x0f\x13\x57\xb9\x0a\xe1\x0b\x64"
+	"\x5f\x58\x40\xc6\xc7\x7a\x4b\xf2\x3d\xbc\x71\xf4\xa7\xd2\xca\x14"
+	"\xe2\x98\x1a\x30\x1e\xe0\x26\x5a\x6a\xf0\x9c\x67\x38\x66\x00\xb8"
+	"\x72\xe6\xbe\xac\xfe\x12\xd3\x0b\x56\x73\x8c\x63\xc7\x2b\xe1\xe2"
+	"\xe8\xdd\x7b\xff\x00\xd8\xe5\x23\x6c\xce\xa8\x69\xcf\x5e\x3a\xef"
+	"\x77\xea\xe5\xab\x0e\x82\xdb\xd9\xed\x7a\x9e\xb8\x6d\x51\x32\xdb"
+	"\x79\xc3\x36\x9a\x2d\xa3\x50\x39\x65\x0a\x63\x0e\xe5\xd4\x39\x12"
+	"\xbf\x8b\x98\xa4\xa1\x2d\xad\xb3\xcf\x65\x6a\x43\x78\xb3\x3b\x07"
+	"\xd8\xd5\xea\xae\x76\xad\x6f\xf5\xff\x00\xca\x93\xab\x96\xb0\x64"
+	"\xeb\xd6\x4a\xd5\x87\xba\xec\x24\x60\x97\x06\x76\x03\xe3\x4c\x07"
+	"\x29\x11\x8e\x34\x25\x02\x64\x29\xf0\x25\x48\x85\x3a\x33\x8b\x7a"
+	"\x3c\x86\x1e\x75\xa5\x61\xc6\x97\x9f\x8d\x25\xf5\xc9\xcd\xde\xc9"
+	"\x7d\x77\xf2\xc8\x7e\x70\xaf\x73\x5f\x2d\xec\xa2\x51\x2d\x96\xfb"
+	"\x89\xad\x80\x57\xb2\x36\x1d\x7d\x83\x45\xac\xf3\xdb\xcc\x6c\x31"
+	"\x4f\xcf\x30\x58\xd0\x12\x28\x90\x50\x42\x86\xfb\x48\x16\x3c\xc5"
+	"\x9c\xf8\xe7\xcc\x29\x88\xb3\x4a\x4b\x4e\x6c\xbc\xdb\xc7\xbb\xe9"
+	"\xb6\xa0\x8b\x11\xa1\x7d\x73\xd7\xe9\xbf\x7e\xc2\x6c\x10\x8d\xee"
+	"\x9d\xef\x63\x3a\xe0\xf5\xbe\x8c\x3e\xa1\xc7\xc5\xd1\x00\x44\x1e"
+	"\xf3\x51\xf2\xe2\xb0\xe3\xb5\x13\x7f\x32\xf1\x8c\xa6\x22\xfe\x1f"
+	"\x49\x4d\xbb\xcf\x3a\x5d\xed\x4c\xd2\xfc\x85\xed\x23\xd6\xc7\x50"
+	"\xb6\x5b\x3a\x16\x83\xb8\x6f\xfd\x32\x3f\xaa\x36\x34\xbb\xf5\x96"
+	"\xa9\xab\xcf\x9f\x8f\xac\xc3\xca\xd5\x8b\xd8\x48\x9e\x79\xaa\x30"
+	"\x87\xca\x58\x4d\x59\x96\xb9\x4f\xc5\x1b\x1c\xd2\xda\x5b\xe6\x57"
+	"\x29\xa1\x28\x7a\x2b\x5b\xff\x00\x12\x2f\x5e\x3f\xf3\xbb\x8e\x7f"
+	"\xec\xc6\x98\xff\x00\xed\x3c\xa6\xdd\xa9\xdc\x7e\xa0\xf7\xd6\x99"
+	"\x31\xa2\xf7\xaf\x6b\xe9\x82\x74\x4b\x3d\x8f\x5e\x58\x0b\x33\xab"
+	"\xef\xc3\xaf\x84\x64\xb9\xae\xb6\x25\x5f\x62\x8f\x1c\xe3\xf4\x51"
+	"\xb7\x96\xe3\x0e\x30\x42\xa9\x18\x39\xbf\x9e\x2a\x1f\x74\x19\x02"
+	"\x2d\x43\x93\x06\x63\xb1\xa7\x47\x6a\xfa\x9b\x6c\xeb\xbd\xe9\xae"
+	"\x6a\x7b\x6f\x53\x5a\x60\x5d\xb5\xcd\xe8\x67\xeb\x35\x3b\x48\xc6"
+	"\xa6\xb3\x04\xc8\xdf\xb8\x7e\x26\x64\xb0\xc9\x18\xb0\xa7\x33\xf2"
+	"\x4a\x8b\x22\x3b\x8d\x4b\x89\x1d\xf6\x9d\x65\xc4\x38\xd2\x54\x9c"
+	"\xe3\xcd\x89\xe1\xe1\xe6\x3e\x70\x81\x45\x1d\x18\xf9\x31\x83\xc8"
+	"\xbe\x14\x82\x4b\x87\x7a\x74\x28\xd2\xdd\x12\x55\x30\xe6\x0e\x49"
+	"\x31\x8e\x48\x69\xc5\xc0\x20\x91\xe4\x48\x41\x4c\xd8\xb9\x6a\x4e"
+	"\x21\xce\x99\x1b\x0e\xfd\x09\x4f\xa1\x79\x0f\x0f\x0f\x0f\x0f\x0f"
+	"\x0f\x3f\x3c\xb8\x71\x27\xc7\x72\x24\xe8\xb1\xa6\xc5\x7b\x18\xc3"
+	"\xb1\xa5\xb0\xd4\x98\xee\xe3\x19\xc6\x71\x87\x19\x79\x2b\x6d\x78"
+	"\xc6\x71\x8c\xe3\x0a\x4e\x71\x8c\xe3\x19\xfe\x38\xf2\x3b\xfb\x8b"
+	"\x48\xfe\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe1\xfb\x8b\x48\xfe"
+	"\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe4\x95\x86\x18\x8a\xcb\x31"
+	"\xa3\x32\xd4\x78\xf1\xdb\x43\x2c\x47\x61\xb4\x32\xcb\x2c\xb4\x9c"
+	"\x21\xb6\x99\x69\xbc\x25\xb6\xdb\x6d\x18\xc2\x10\xda\x12\x94\xa1"
+	"\x38\xc2\x53\x8c\x63\x18\xc7\x9d\xbe\x7f\xff\xd9"
+	;
diff -Naurp php-5.3.6RC1/main/suhosin_patch.c php-5.3.6RC1.oden/main/suhosin_patch.c
--- php-5.3.6RC1/main/suhosin_patch.c	1970-01-01 01:00:00.000000000 +0100
+++ php-5.3.6RC1.oden/main/suhosin_patch.c	2011-02-20 11:50:19.307837147 +0100
@@ -0,0 +1,470 @@
+/*
+   +----------------------------------------------------------------------+
+   | Suhosin Patch for PHP                                                |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2010 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <sesser@hardened-php.net>                       |
+   +----------------------------------------------------------------------+
+ */
+/* $Id$ */
+
+#include "php.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include "SAPI.h"
+#include "php_globals.h"
+
+#if SUHOSIN_PATCH
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
+#undef AF_UNIX
+#endif
+
+#if defined(AF_UNIX)
+#include <sys/un.h>
+#endif
+
+#define SYSLOG_PATH  "/dev/log"
+
+#ifdef PHP_WIN32
+static HANDLE log_source = 0;
+#endif
+
+#include "snprintf.h"
+
+#include "suhosin_patch.h"
+
+#ifdef ZTS
+#include "suhosin_globals.h"
+int suhosin_patch_globals_id;
+#else
+struct _suhosin_patch_globals suhosin_patch_globals;
+#endif
+
+static char *suhosin_config = NULL;
+
+static zend_intptr_t SUHOSIN_POINTER_GUARD = 0;
+
+static void php_security_log(int loglevel, char *fmt, ...);
+
+static void suhosin_patch_globals_ctor(suhosin_patch_globals_struct *suhosin_patch_globals TSRMLS_DC)
+{
+	memset(suhosin_patch_globals, 0, sizeof(*suhosin_patch_globals));
+}
+
+ZEND_API char suhosin_get_config(int element)
+{
+        return ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element];
+}
+
+static void suhosin_set_config(int element, char value)
+{
+        ((char *)SUHOSIN_MANGLE_PTR(suhosin_config))[element] = value;
+}
+
+static void suhosin_read_configuration_from_environment()
+{
+        char *tmp;
+        
+        /* check if canary protection should be activated or not */
+        tmp = getenv("SUHOSIN_MM_USE_CANARY_PROTECTION");
+        /* default to activated */
+        suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, 1);
+        if (tmp) {
+                int flag = zend_atoi(tmp, 0);
+                suhosin_set_config(SUHOSIN_MM_USE_CANARY_PROTECTION, flag);
+        }
+        
+        /* check if free memory should be overwritten with 0xFF or not */
+        tmp = getenv("SUHOSIN_MM_DESTROY_FREE_MEMORY");
+        /* default to deactivated */
+        suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, 0);
+        if (tmp) {
+                int flag = zend_atoi(tmp, 0);
+                suhosin_set_config(SUHOSIN_MM_DESTROY_FREE_MEMORY, flag);
+        }
+        
+        /* check if canary violations should be ignored */
+        tmp = getenv("SUHOSIN_MM_IGNORE_CANARY_VIOLATION");
+        /* default to NOT ignore */
+        suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, 0);
+        if (tmp) {
+                int flag = zend_atoi(tmp, 0);
+                suhosin_set_config(SUHOSIN_MM_IGNORE_CANARY_VIOLATION, flag);
+        }
+
+        /* check if invalid hashtable destructors should be ignored */
+        tmp = getenv("SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR");
+        /* default to NOT ignore */
+        suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, 0);
+        if (tmp) {
+                int flag = zend_atoi(tmp, 0);
+                suhosin_set_config(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR, flag);
+        }
+
+        /* check if invalid linkedlist destructors should be ignored */
+        tmp = getenv("SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR");
+        /* default to NOT ignore */
+        suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, 0);
+        if (tmp) {
+                int flag = zend_atoi(tmp, 0);
+                suhosin_set_config(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR, flag);
+        }
+        
+        suhosin_set_config(SUHOSIN_CONFIG_SET, 1);
+}
+
+static void suhosin_write_protect_configuration()
+{
+        /* check return value of mprotect() to ensure memory is read only now */
+        if (mprotect(SUHOSIN_MANGLE_PTR(suhosin_config), sysconf(_SC_PAGESIZE), PROT_READ) != 0) {
+                perror("suhosin");
+                _exit(1);
+        }
+}
+
+PHPAPI void suhosin_startup()
+{
+#ifdef ZTS
+	ts_allocate_id(&suhosin_patch_globals_id, sizeof(suhosin_patch_globals_struct), (ts_allocate_ctor) suhosin_patch_globals_ctor, NULL);
+#else
+	suhosin_patch_globals_ctor(&suhosin_patch_globals TSRMLS_CC);
+#endif
+	zend_suhosin_log = php_security_log;
+	
+	/* get the pointer guardian and ensure low 3 bits are 1 */
+        if (SUHOSIN_POINTER_GUARD == 0) {
+                zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD));
+                SUHOSIN_POINTER_GUARD |= 7;
+        }
+	
+	if (!suhosin_config) {
+#ifndef MAP_ANONYMOUS
+#define MAP_ANONYMOUS MAP_ANON
+#endif
+		suhosin_config = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+		if (suhosin_config == MAP_FAILED) {
+			perror("suhosin");
+			_exit(1);
+		}
+                suhosin_config = SUHOSIN_MANGLE_PTR(suhosin_config);
+	}
+	if (!SUHOSIN_CONFIG(SUHOSIN_CONFIG_SET)) {
+        suhosin_read_configuration_from_environment();
+        suhosin_write_protect_configuration();
+    }
+}
+
+static char *loglevel2string(int loglevel)
+{
+	switch (loglevel) {
+	    case S_FILES:
+		return "FILES";
+	    case S_INCLUDE:
+		return "INCLUDE";
+	    case S_MEMORY:
+		return "MEMORY";
+	    case S_MISC:
+		return "MISC";
+		case S_SESSION:
+		return "SESSION";
+	    case S_SQL:
+		return "SQL";
+	    case S_EXECUTOR:
+		return "EXECUTOR";
+	    case S_VARS:
+		return "VARS";
+	    default:
+		return "UNKNOWN";    
+	}
+}
+
+static void php_security_log(int loglevel, char *fmt, ...)
+{
+	int s, r, i=0;
+#if defined(AF_UNIX)
+	struct sockaddr_un saun;
+#endif
+#ifdef PHP_WIN32
+	LPTSTR strs[2];
+	unsigned short etype;
+	DWORD evid;
+#endif
+	char buf[4096+64];
+	char error[4096+100];
+	char *ip_address;
+	char *fname;
+	char *alertstring;
+	int lineno;
+	va_list ap;
+	TSRMLS_FETCH();
+
+	/*SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SPG(log_syslog), SPG(log_sapi), SPG(log_script));*/
+	
+	if (SPG(log_use_x_forwarded_for)) {
+		ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC);
+		if (ip_address == NULL) {
+			ip_address = "X-FORWARDED-FOR not set";
+		}
+	} else {
+		ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC);
+		if (ip_address == NULL) {
+			ip_address = "REMOTE_ADDR not set";
+		}
+	}
+	
+	
+	va_start(ap, fmt);
+	ap_php_vsnprintf(error, sizeof(error), fmt, ap);
+	va_end(ap);
+	while (error[i]) {
+		if (error[i] < 32) error[i] = '.';
+		i++;
+	}
+	
+/*	if (SPG(simulation)) {
+		alertstring = "ALERT-SIMULATION";
+	} else { */
+		alertstring = "ALERT";
+/*	}*/
+	
+	if (zend_is_executing(TSRMLS_C)) {
+		if (EG(current_execute_data)) {
+			lineno = EG(current_execute_data)->opline->lineno;
+			fname = EG(current_execute_data)->op_array->filename;
+		} else {
+			lineno = zend_get_executed_lineno(TSRMLS_C);
+			fname = zend_get_executed_filename(TSRMLS_C);
+		}
+		ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno);
+	} else {
+		fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC);
+		if (fname==NULL) {
+			fname = "unknown";
+		}
+		ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname);
+	}
+			
+	/* Syslog-Logging disabled? */
+	if (((SPG(log_syslog)|S_INTERNAL) & loglevel)==0) {
+		goto log_sapi;
+	}	
+	
+#if defined(AF_UNIX)
+	ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SPG(log_syslog_facility)|SPG(log_syslog_priority)),getpid(),buf);
+
+	s = socket(AF_UNIX, SOCK_DGRAM, 0);
+	if (s == -1) {
+		goto log_sapi;
+	}
+	
+	memset(&saun, 0, sizeof(saun));
+	saun.sun_family = AF_UNIX;
+	strcpy(saun.sun_path, SYSLOG_PATH);
+	/*saun.sun_len = sizeof(saun);*/
+	
+	r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
+	if (r) {
+		close(s);
+    		s = socket(AF_UNIX, SOCK_STREAM, 0);
+		if (s == -1) {
+			goto log_sapi;
+		}
+	
+		memset(&saun, 0, sizeof(saun));
+		saun.sun_family = AF_UNIX;
+		strcpy(saun.sun_path, SYSLOG_PATH);
+		/*saun.sun_len = sizeof(saun);*/
+
+		r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
+		if (r) { 
+			close(s);
+			goto log_sapi;
+		}
+	}
+	send(s, error, strlen(error), 0);
+	
+	close(s);
+#endif
+#ifdef PHP_WIN32
+	ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf);
+
+	switch (SPG(log_syslog_priority)) {			/* translate UNIX type into NT type */
+		case 1: /*LOG_ALERT:*/
+			etype = EVENTLOG_ERROR_TYPE;
+			break;
+		case 6: /*LOG_INFO:*/
+			etype = EVENTLOG_INFORMATION_TYPE;
+			break;
+		default:
+			etype = EVENTLOG_WARNING_TYPE;
+	}
+	evid = loglevel;
+	strs[0] = error;
+	/* report the event */
+	if (log_source == NULL) {
+		log_source = RegisterEventSource(NULL, "Suhosin-Patch-" SUHOSIN_PATCH_VERSION);
+	}
+	ReportEvent(log_source, etype, (unsigned short) SPG(log_syslog_priority), evid, NULL, 1, 0, strs, NULL);
+	
+#endif
+log_sapi:
+	/* SAPI Logging activated? */
+	/*SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SPG(log_syslog), SPG(log_sapi), SPG(log_script), SPG(log_phpscript));*/
+	if (((SPG(log_sapi)|S_INTERNAL) & loglevel)!=0) {
+		sapi_module.log_message(buf);
+	}
+
+/*log_script:*/
+	/* script logging activaed? */
+	if (((SPG(log_script) & loglevel)!=0) && SPG(log_scriptname)!=NULL) {
+		char cmd[8192], *cmdpos, *bufpos;
+		FILE *in;
+		int space;
+		
+		ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", SPG(log_scriptname), loglevel2string(loglevel));
+		space = sizeof(cmd) - strlen(cmd);
+		cmdpos = cmd + strlen(cmd);
+		bufpos = buf;
+		if (space <= 1) return;
+		while (space > 2 && *bufpos) {
+			if (*bufpos == '\'') {
+				if (space<=5) break;
+				*cmdpos++ = '\'';
+				*cmdpos++ = '\\';
+				*cmdpos++ = '\'';
+				*cmdpos++ = '\'';
+				bufpos++;
+				space-=4;
+			} else {
+				*cmdpos++ = *bufpos++;
+				space--;
+			}
+		}
+		*cmdpos++ = '\'';
+		*cmdpos = 0;
+		
+		if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
+			php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", SPG(log_scriptname));
+			return;
+		}
+		/* read and forget the result */
+		while (1) {
+			int readbytes = fread(cmd, 1, sizeof(cmd), in);
+			if (readbytes<=0) {
+				break;
+			}
+		}
+		pclose(in);
+	}
+/*log_phpscript:*/
+	if ((SPG(log_phpscript) & loglevel)!=0 && EG(in_execution) && SPG(log_phpscriptname) && SPG(log_phpscriptname)[0]) {
+		zend_file_handle file_handle;
+		zend_op_array *new_op_array;
+		zval *result = NULL;
+		
+		/*long orig_execution_depth = SPG(execution_depth);*/
+		zend_bool orig_safe_mode = PG(safe_mode);
+		char *orig_basedir = PG(open_basedir);
+		
+		char *phpscript = SPG(log_phpscriptname);
+/*SDEBUG("scriptname %s", SPG(log_phpscriptname));`*/
+#ifdef ZEND_ENGINE_2
+		if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) {
+#else
+		if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) {
+			file_handle.filename = phpscript;
+			file_handle.free_filename = 0;
+#endif		
+			if (!file_handle.opened_path) {
+				file_handle.opened_path = estrndup(phpscript, strlen(phpscript));
+			}
+			new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC);
+			zend_destroy_file_handle(&file_handle TSRMLS_CC);
+			if (new_op_array) {
+				HashTable *active_symbol_table = EG(active_symbol_table);
+				zval *zerror, *zerror_class;
+				
+				if (active_symbol_table == NULL) {
+					active_symbol_table = &EG(symbol_table);
+				}
+				EG(return_value_ptr_ptr) = &result;
+				EG(active_op_array) = new_op_array;
+				
+				MAKE_STD_ZVAL(zerror);
+				MAKE_STD_ZVAL(zerror_class);
+				ZVAL_STRING(zerror, buf, 1);
+				ZVAL_LONG(zerror_class, loglevel);
+
+				zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL);
+				zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL);
+				
+				/*SPG(execution_depth) = 0;*/
+				if (SPG(log_phpscript_is_safe)) {
+					PG(safe_mode) = 0;
+					PG(open_basedir) = NULL;
+				}
+				
+				zend_execute(new_op_array TSRMLS_CC);
+				
+				/*SPG(execution_depth) = orig_execution_depth;*/
+				PG(safe_mode) = orig_safe_mode;
+				PG(open_basedir) = orig_basedir;
+				
+#ifdef ZEND_ENGINE_2
+				destroy_op_array(new_op_array TSRMLS_CC);
+#else
+				destroy_op_array(new_op_array);
+#endif
+				efree(new_op_array);
+#ifdef ZEND_ENGINE_2
+				if (!EG(exception))
+#endif			
+				{
+					if (EG(return_value_ptr_ptr)) {
+						zval_ptr_dtor(EG(return_value_ptr_ptr));
+						EG(return_value_ptr_ptr) = NULL;
+					}
+				}
+			} else {
+				php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname));
+				return;
+			}
+		} else {
+			php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname));
+			return;
+		}
+	}
+
+}
+
+
+#endif
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: sw=4 ts=4 fdm=marker
+ * vim<600: sw=4 ts=4
+ */
diff -Naurp php-5.3.6RC1/main/suhosin_patch.h php-5.3.6RC1.oden/main/suhosin_patch.h
--- php-5.3.6RC1/main/suhosin_patch.h	1970-01-01 01:00:00.000000000 +0100
+++ php-5.3.6RC1.oden/main/suhosin_patch.h	2011-02-20 11:50:19.308837288 +0100
@@ -0,0 +1,59 @@
+/*
+   +----------------------------------------------------------------------+
+   | Suhosin Patch for PHP                                                |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2010 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <stefan.esser@sektioneins.de>                   |
+   +----------------------------------------------------------------------+
+ */
+
+#ifndef SUHOSIN_PATCH_H
+#define SUHOSIN_PATCH_H
+
+#if SUHOSIN_PATCH
+
+#include "zend.h"
+
+#define SUHOSIN_PATCH_VERSION "0.9.10"
+
+#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18"
+
+#define SUHOSIN_CONFIG(idx) (suhosin_get_config(idx))
+
+#define SUHOSIN_MM_USE_CANARY_PROTECTION        0
+#define SUHOSIN_MM_DESTROY_FREE_MEMORY          1
+#define SUHOSIN_MM_IGNORE_CANARY_VIOLATION      2
+#define SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR    3
+#define SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR    4
+
+#define SUHOSIN_CONFIG_SET                      100
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+
+#if defined(DARWIN)
+#include <mach/vm_param.h>
+#endif
+
+#define SUHOSIN_MANGLE_PTR(ptr)   (ptr==NULL?NULL:((void *)((zend_intptr_t)(ptr)^SUHOSIN_POINTER_GUARD)))
+
+#endif
+
+#endif /* SUHOSIN_PATCH_H */
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ */
diff -Naurp php-5.3.6RC1/main/suhosin_patch.m4 php-5.3.6RC1.oden/main/suhosin_patch.m4
--- php-5.3.6RC1/main/suhosin_patch.m4	1970-01-01 01:00:00.000000000 +0100
+++ php-5.3.6RC1.oden/main/suhosin_patch.m4	2011-02-20 11:50:19.308837288 +0100
@@ -0,0 +1,8 @@
+dnl
+dnl $Id$
+dnl
+dnl This file contains Suhosin Patch for PHP specific autoconf functions.
+dnl
+
+AC_DEFINE(SUHOSIN_PATCH, 1, [Suhosin Patch])
+
diff -Naurp php-5.3.6RC1/sapi/apache/mod_php5.c php-5.3.6RC1.oden/sapi/apache/mod_php5.c
--- php-5.3.6RC1/sapi/apache/mod_php5.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/sapi/apache/mod_php5.c	2011-02-20 11:50:19.309837429 +0100
@@ -969,7 +969,11 @@ static void php_init_handler(server_rec
 	{
 		TSRMLS_FETCH();
 		if (PG(expose_php)) {
+#if SUHOSIN_PATCH
+			ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch");
+#else
 			ap_add_version_component("PHP/" PHP_VERSION);
+#endif
 		}
 	}
 #endif
diff -Naurp php-5.3.6RC1/sapi/apache2filter/sapi_apache2.c php-5.3.6RC1.oden/sapi/apache2filter/sapi_apache2.c
--- php-5.3.6RC1/sapi/apache2filter/sapi_apache2.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/sapi/apache2filter/sapi_apache2.c	2011-02-20 11:50:19.309837429 +0100
@@ -583,7 +583,11 @@ static void php_apache_add_version(apr_p
 {
 	TSRMLS_FETCH();
 	if (PG(expose_php)) {
+#if SUHOSIN_PATCH
+		ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch");
+#else
 		ap_add_version_component(p, "PHP/" PHP_VERSION);
+#endif
 	}
 }
 
diff -Naurp php-5.3.6RC1/sapi/apache2handler/sapi_apache2.c php-5.3.6RC1.oden/sapi/apache2handler/sapi_apache2.c
--- php-5.3.6RC1/sapi/apache2handler/sapi_apache2.c	2011-02-20 11:45:04.141487654 +0100
+++ php-5.3.6RC1.oden/sapi/apache2handler/sapi_apache2.c	2011-02-20 11:50:19.310837570 +0100
@@ -407,7 +407,11 @@ static void php_apache_add_version(apr_p
 {
 	TSRMLS_FETCH();
 	if (PG(expose_php)) {
+#if SUHOSIN_PATCH
+		ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch");
+#else
 		ap_add_version_component(p, "PHP/" PHP_VERSION);
+#endif
 	}
 }
 
diff -Naurp php-5.3.6RC1/sapi/apache_hooks/mod_php5.c php-5.3.6RC1.oden/sapi/apache_hooks/mod_php5.c
--- php-5.3.6RC1/sapi/apache_hooks/mod_php5.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/sapi/apache_hooks/mod_php5.c	2011-02-20 11:50:19.311837711 +0100
@@ -1256,7 +1256,11 @@ static void php_init_handler(server_rec
 	{
 		TSRMLS_FETCH();
 		if (PG(expose_php)) {
+#if SUHOSIN_PATCH
+			ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch");
+#else
 			ap_add_version_component("PHP/" PHP_VERSION);
+#endif
 		}
 	}
 #endif
--- php-5.3.9/sapi/cgi/cgi_main.c~	2012-01-11 21:40:09.000000000 +0200
+++ php-5.3.9/sapi/cgi/cgi_main.c	2012-01-11 21:43:37.468650443 +0200
@@ -1948,11 +1948,19 @@
 								SG(headers_sent) = 1;
 								SG(request_info).no_headers = 1;
 							}
+#if SUHOSIN_PATCH
+#if ZEND_DEBUG
+							php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
+							php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
 #if ZEND_DEBUG
 							php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 #else
 							php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 #endif
+#endif
 							php_request_shutdown((void *) 0);
 							fcgi_shutdown();
 							exit_status = 0;
--- php-5.3.9/sapi/cli/php_cli.c~	2012-01-01 15:15:04.000000000 +0200
+++ php-5.3.9/sapi/cli/php_cli.c	2012-01-11 21:44:56.122264808 +0200
@@ -826,7 +826,11 @@
 				}
 
 				request_started = 1;
-				php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s",
+				php_printf("PHP %s "
+#if SUHOSIN_PATCH
+						"with Suhosin-Patch "
+#endif
+						"(%s) (built: %s %s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s",
 					PHP_VERSION, sapi_module.name, __DATE__, __TIME__,
 #if ZEND_DEBUG && defined(HAVE_GCOV)
 					"(DEBUG GCOV)",
diff -Naurp php-5.3.6RC1/Zend/Makefile.am php-5.3.6RC1.oden/Zend/Makefile.am
--- php-5.3.6RC1/Zend/Makefile.am	2009-03-18 11:18:10.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/Makefile.am	2011-02-20 11:50:19.316838414 +0100
@@ -17,7 +17,7 @@ libZend_la_SOURCES=\
 	zend_objects_API.c zend_ts_hash.c zend_stream.c \
 	zend_default_classes.c \
 	zend_iterators.c zend_interfaces.c zend_exceptions.c \
-	zend_strtod.c zend_closures.c zend_float.c
+	zend_strtod.c zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c 
 
 libZend_la_LDFLAGS =
 libZend_la_LIBADD = @ZEND_EXTRA_LIBS@
diff -Naurp php-5.3.6RC1/Zend/zend_alloc.c php-5.3.6RC1.oden/Zend/zend_alloc.c
--- php-5.3.6RC1/Zend/zend_alloc.c	2011-02-07 11:25:34.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_alloc.c	2011-02-20 11:50:19.318838696 +0100
@@ -32,6 +32,10 @@
 # include <unistd.h>
 #endif
 
+#if SUHOSIN_PATCH
+#include "suhosin_patch.h"
+#endif
+
 #ifdef ZEND_WIN32
 # include <wincrypt.h>
 # include <process.h>
@@ -59,6 +63,7 @@
 # define PTR_FMT "0x%0.8lx"
 #endif
 
+#ifndef SUHOSIN_MM_CLONE_FILE
 #if ZEND_DEBUG
 void zend_debug_alloc_output(char *format, ...)
 {
@@ -76,6 +81,7 @@ void zend_debug_alloc_output(char *forma
 #endif
 }
 #endif
+#endif
 
 #if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX)
 static void zend_mm_panic(const char *message) __attribute__ ((noreturn));
@@ -134,6 +140,8 @@ static void zend_mm_panic(const char *me
 # endif
 #endif
 
+static zend_intptr_t SUHOSIN_POINTER_GUARD = 0;
+
 static zend_mm_storage* zend_mm_mem_dummy_init(void *params)
 {
 	return malloc(sizeof(zend_mm_storage));
@@ -332,13 +340,28 @@ static const zend_mm_mem_handlers mem_ha
 #define	MEM_BLOCK_GUARD  0x2A8FCC84
 #define	MEM_BLOCK_LEAK   0x6C5E8F2D
 
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+# define CANARY_SIZE sizeof(size_t)
+#else
+# define CANARY_SIZE 0
+#endif
+
 /* mm block type */
 typedef struct _zend_mm_block_info {
 #if ZEND_MM_COOKIES
 	size_t _cookie;
 #endif
-	size_t _size;
-	size_t _prev;
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+	size_t canary_1;
+#endif
+  	size_t _size;
+  	size_t _prev;
+#if SUHOSIN_PATCH
+	size_t size;
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+	size_t canary_2;
+#endif
+#endif
 } zend_mm_block_info;
 
 #if ZEND_DEBUG
@@ -412,7 +435,7 @@ typedef struct _zend_mm_free_block {
 # define ZEND_MM_CACHE_STAT 0
 #endif
 
-struct _zend_mm_heap {
+typedef struct _zend_mm_heap {
 	int                 use_zend_alloc;
 	void               *(*_malloc)(size_t);
 	void                (*_free)(void*);
@@ -447,6 +470,9 @@ struct _zend_mm_heap {
 		int miss;
 	} cache_stat[ZEND_MM_NUM_BUCKETS+1];
 #endif
+#if SUHOSIN_PATCH
+ 	size_t              canary_1,canary_2,canary_3;
+#endif
 };
 
 #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \
@@ -520,18 +546,31 @@ static unsigned int _zend_mm_cookie = 0;
 /* optimized access */
 #define ZEND_MM_FREE_BLOCK_SIZE(b)		(b)->info._size
 
+#ifndef ZEND_MM_ALIGNMENT
+# define ZEND_MM_ALIGNMENT 8
+# define ZEND_MM_ALIGNMENT_LOG2 3
+#elif ZEND_MM_ALIGNMENT < 4
+# undef ZEND_MM_ALIGNMENT
+# undef ZEND_MM_ALIGNMENT_LOG2
+# define ZEND_MM_ALIGNMENT 4
+# define ZEND_MM_ALIGNMENT_LOG2 2
+#endif
+
+#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1)
+
 /* Aligned header size */
+#define ZEND_MM_ALIGNED_SIZE(size)			((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK)
 #define ZEND_MM_ALIGNED_HEADER_SIZE			ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block))
 #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE	ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block))
-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE		ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE)
+#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE		ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE)
 #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE		(ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE)
 #define ZEND_MM_ALIGNED_SEGMENT_SIZE		ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment))
 
-#define ZEND_MM_MIN_SIZE					((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0)
+#define ZEND_MM_MIN_SIZE					((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0)
 
 #define ZEND_MM_MAX_SMALL_SIZE				((ZEND_MM_NUM_BUCKETS<<ZEND_MM_ALIGNMENT_LOG2)+ZEND_MM_ALIGNED_MIN_HEADER_SIZE)
 
-#define ZEND_MM_TRUE_SIZE(size)				((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)))
+#define ZEND_MM_TRUE_SIZE(size)				((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)))
 
 #define ZEND_MM_BUCKET_INDEX(true_size)		((true_size>>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2))
 
@@ -593,6 +632,44 @@ static unsigned int _zend_mm_cookie = 0;
 
 #endif
 
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+
+# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \
+        char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \
+	if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \
+		canary_mismatch: \
+		zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \
+                if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\
+	} \
+        memcpy(&check, p, CANARY_SIZE); \
+        if (check != heap->canary_3) { \
+                zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \
+                if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \
+        } \
+	} while (0)
+
+# define SUHOSIN_MM_SET_CANARIES(block) do { \
+        (block)->info.canary_1 = heap->canary_1; \
+        (block)->info.canary_2 = heap->canary_2; \
+        } while (0)      
+
+# define SUHOSIN_MM_END_CANARY_PTR(block) \
+	(char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE)
+
+# define SUHOSIN_MM_SET_END_CANARY(block) do { \
+	char *p = SUHOSIN_MM_END_CANARY_PTR(block); \
+	memcpy(p, &heap->canary_3, CANARY_SIZE); \
+	} while (0)
+
+#else
+
+# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION)
+# define SUHOSIN_MM_SET_CANARIES(block)
+# define SUHOSIN_MM_END_CANARY_PTR(block)
+# define SUHOSIN_MM_SET_END_CANARY(block)
+
+#endif
+
 
 #if ZEND_MM_HEAP_PROTECTION
 
@@ -715,7 +792,7 @@ static inline unsigned int zend_mm_low_b
 #endif
 }
 
-static inline void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
+static void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
 {
 	zend_mm_free_block *prev, *next;
 
@@ -725,14 +802,14 @@ static inline void zend_mm_add_to_rest_l
 		mm_block->parent = NULL;
 	}
 
-	prev = heap->rest_buckets[0];
-	next = prev->next_free_block;
-	mm_block->prev_free_block = prev;
-	mm_block->next_free_block = next;
-	prev->next_free_block = next->prev_free_block = mm_block;
+	prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]);
+	next = SUHOSIN_MANGLE_PTR(prev->next_free_block);
+	mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
+	mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next);
+	prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block);
 }
 
-static inline void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
+static void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
 {
 	size_t size;
 	size_t index;
@@ -749,7 +826,7 @@ static inline void zend_mm_add_to_free_l
 		if (!*p) {
 			*p = mm_block;
 			mm_block->parent = p;
-			mm_block->prev_free_block = mm_block->next_free_block = mm_block;
+			mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block);
 			heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index);
 		} else {
 			size_t m;
@@ -762,15 +839,15 @@ static inline void zend_mm_add_to_free_l
 					if (!*p) {
 						*p = mm_block;
 						mm_block->parent = p;
-						mm_block->prev_free_block = mm_block->next_free_block = mm_block;
+						mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block);
 						break;
 					}
 				} else {
-					zend_mm_free_block *next = prev->next_free_block;
+					zend_mm_free_block *next = SUHOSIN_MANGLE_PTR(prev->next_free_block);
 
-					prev->next_free_block = next->prev_free_block = mm_block;
-					mm_block->next_free_block = next;
-					mm_block->prev_free_block = prev;
+					prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block);
+					mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next);
+					mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
 					mm_block->parent = NULL;
 					break;
 				}
@@ -782,27 +859,33 @@ static inline void zend_mm_add_to_free_l
 		index = ZEND_MM_BUCKET_INDEX(size);
 
 		prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index);
-		if (prev->prev_free_block == prev) {
+		if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) {
 			heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index);
 		}
-		next = prev->next_free_block;
+		next = SUHOSIN_MANGLE_PTR(prev->next_free_block);
 
-		mm_block->prev_free_block = prev;
-		mm_block->next_free_block = next;
-		prev->next_free_block = next->prev_free_block = mm_block;
+		mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
+		mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next);
+		prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block);
 	}
 }
 
-static inline void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
+static void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
 {
-	zend_mm_free_block *prev = mm_block->prev_free_block;
-	zend_mm_free_block *next = mm_block->next_free_block;
+	zend_mm_free_block *prev = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block);
+	zend_mm_free_block *next = SUHOSIN_MANGLE_PTR(mm_block->next_free_block);
 
 	ZEND_MM_CHECK_MAGIC(mm_block, MEM_BLOCK_FREED);
 
 	if (EXPECTED(prev == mm_block)) {
 		zend_mm_free_block **rp, **cp;
 
+#if SUHOSIN_PATCH
+                if (next != mm_block) {
+                        zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block);
+                        _exit(1);
+                }
+#endif
 #if ZEND_MM_SAFE_UNLINKING
 		if (UNEXPECTED(next != mm_block)) {
 			zend_mm_panic("zend_mm_heap corrupted");
@@ -841,14 +924,21 @@ subst_block:
 		}
 	} else {
 
+#if SUHOSIN_PATCH
+                if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) {
+                        zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block);
+		        _exit(1);
+                }
+#endif    
+
 #if ZEND_MM_SAFE_UNLINKING
-		if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) {
+		if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) {
 			zend_mm_panic("zend_mm_heap corrupted");
 		}
 #endif
 
-		prev->next_free_block = next;
-		next->prev_free_block = prev;
+		prev->next_free_block = SUHOSIN_MANGLE_PTR(next);
+		next->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
 
 		if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) {
 			if (EXPECTED(prev == next)) {
@@ -864,7 +954,7 @@ subst_block:
 	}
 }
 
-static inline void zend_mm_init(zend_mm_heap *heap)
+static void zend_mm_init(zend_mm_heap *heap)
 {
 	zend_mm_free_block* p;
 	int i;
@@ -882,12 +972,19 @@ static inline void zend_mm_init(zend_mm_
 #endif
 	p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0);
 	for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
-		p->next_free_block = p;
-		p->prev_free_block = p;
+		p->next_free_block = SUHOSIN_MANGLE_PTR(p);
+		p->prev_free_block = SUHOSIN_MANGLE_PTR(p);
 		p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2);
 		heap->large_free_buckets[i] = NULL;
 	}
-	heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap);
+	heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap));
+#if SUHOSIN_PATCH
+        if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
+	        zend_canary(&heap->canary_1, sizeof(heap->canary_1));
+	        zend_canary(&heap->canary_2, sizeof(heap->canary_2));
+	        zend_canary(&heap->canary_3, sizeof(heap->canary_3));
+	}
+#endif
 }
 
 static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment)
@@ -908,12 +1005,13 @@ static void zend_mm_free_cache(zend_mm_h
 	int i;
 
 	for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
+		/* NULL means NULL even MANGLED */
 		if (heap->cache[i]) {
-			zend_mm_free_block *mm_block = heap->cache[i];
+			zend_mm_free_block *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]);
 
 			while (mm_block) {
 				size_t size = ZEND_MM_BLOCK_SIZE(mm_block);
-				zend_mm_free_block *q = mm_block->prev_free_block;
+				zend_mm_free_block *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block);
 				zend_mm_block *next_block = ZEND_MM_NEXT_BLOCK(mm_block);
 
 				heap->cached -= size;
@@ -1009,14 +1107,20 @@ static void zend_mm_random(unsigned char
 /* }}} */
 #endif
 
+
 /* Notes:
  * - This function may alter the block_sizes values to match platform alignment
  * - This function does *not* perform sanity checks on the arguments
  */
-ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+zend_mm_heap *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
+#else
+static zend_mm_heap *__zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
+#endif
 {
 	zend_mm_storage *storage;
 	zend_mm_heap    *heap;
+        zend_mm_free_block *tmp;
 
 #if 0
 	int i;
@@ -1050,6 +1154,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e
 	}
 #endif
 
+        /* get the pointer guardian and ensure low 3 bits are 1 */
+        if (SUHOSIN_POINTER_GUARD == 0) {
+                zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD));
+                SUHOSIN_POINTER_GUARD |= 7;
+        }
+
 	if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) {
 		fprintf(stderr, "'block_size' must be a power of two\n");
 /* See http://support.microsoft.com/kb/190351 */
@@ -1097,12 +1207,12 @@ ZEND_API zend_mm_heap *zend_mm_startup_e
 	heap->reserve = NULL;
 	heap->reserve_size = reserve_size;
 	if (reserve_size > 0) {
-		heap->reserve = _zend_mm_alloc_int(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+		heap->reserve = _zend_mm_alloc(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
 	}
 	if (internal) {
 		int i;
 		zend_mm_free_block *p, *q, *orig;
-		zend_mm_heap *mm_heap = _zend_mm_alloc_int(heap, sizeof(zend_mm_heap)  ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+		zend_mm_heap *mm_heap = _zend_mm_alloc(heap, sizeof(zend_mm_heap)  ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
 
 		*mm_heap = *heap;
 
@@ -1110,22 +1220,22 @@ ZEND_API zend_mm_heap *zend_mm_startup_e
 		orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0);
 		for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
 			q = p;
-			while (q->prev_free_block != orig) {
-				q = q->prev_free_block;
+			while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) {
+				q = SUHOSIN_MANGLE_PTR(q->prev_free_block);
 			}
-			q->prev_free_block = p;
+			q->prev_free_block = SUHOSIN_MANGLE_PTR(p);
 			q = p;
-			while (q->next_free_block != orig) {
-				q = q->next_free_block;
+			while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) {
+				q = SUHOSIN_MANGLE_PTR(q->next_free_block);
 			}
-			q->next_free_block = p;
+			q->next_free_block = SUHOSIN_MANGLE_PTR(p);
 			p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2);
 			orig = (zend_mm_free_block*)((char*)orig + sizeof(zend_mm_free_block*) * 2);
 			if (mm_heap->large_free_buckets[i]) {
 				mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i];
 			}
 		}
-		mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(mm_heap);
+		mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap));
 
 		free(heap);
 		heap = mm_heap;
@@ -1133,7 +1243,11 @@ ZEND_API zend_mm_heap *zend_mm_startup_e
 	return heap;
 }
 
-ZEND_API zend_mm_heap *zend_mm_startup(void)
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+zend_mm_heap *__zend_mm_startup_canary(void)
+#else
+static zend_mm_heap *__zend_mm_startup(void)
+#endif
 {
 	int i;
 	size_t seg_size;
@@ -1203,6 +1317,27 @@ ZEND_API zend_mm_heap *zend_mm_startup(v
 	return heap;
 }
 
+#ifndef SUHOSIN_MM_CLONE_FILE
+zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params);
+zend_mm_heap_canary *__zend_mm_startup_canary(void);
+
+ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
+{
+        if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
+                return (zend_mm_heap *)__zend_mm_startup_canary_ex(handlers, block_size, reserve_size, internal, params);
+        }
+        return __zend_mm_startup_ex(handlers, block_size, reserve_size, internal, params);
+}
+ZEND_API zend_mm_heap *zend_mm_startup(void)
+{
+        if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
+                return (zend_mm_heap *)__zend_mm_startup_canary();
+        }
+        return __zend_mm_startup();        
+}
+
+#endif
+
 #if ZEND_DEBUG
 static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block *b)
 {
@@ -1571,7 +1706,11 @@ static int zend_mm_check_heap(zend_mm_he
 }
 #endif
 
-ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+void __zend_mm_shutdown_canary(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
+#else
+static void __zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
+#endif
 {
 	zend_mm_storage *storage;
 	zend_mm_segment *segment;
@@ -1581,7 +1720,7 @@ ZEND_API void zend_mm_shutdown(zend_mm_h
 	if (heap->reserve) {
 #if ZEND_DEBUG
 		if (!silent) {
-			_zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+			_zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
 		}
 #endif
 		heap->reserve = NULL;
@@ -1664,12 +1803,23 @@ ZEND_API void zend_mm_shutdown(zend_mm_h
 		heap->size = 0;
 		heap->peak = 0;
 		if (heap->reserve_size) {
-			heap->reserve = _zend_mm_alloc_int(heap, heap->reserve_size  ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+			heap->reserve = _zend_mm_alloc(heap, heap->reserve_size  ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
 		}
 		heap->overflow = 0;
 	}
 }
 
+#ifndef SUHOSIN_MM_CLONE_FILE
+ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
+{
+        if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
+                __zend_mm_shutdown_canary(heap, full_shutdown, silent TSRMLS_CC);
+                return;
+        }
+        __zend_mm_shutdown(heap, full_shutdown, silent TSRMLS_CC);
+}
+#endif
+
 static void zend_mm_safe_error(zend_mm_heap *heap,
 	const char *format,
 	size_t limit,
@@ -1680,7 +1830,11 @@ static void zend_mm_safe_error(zend_mm_h
 	size_t size)
 {
 	if (heap->reserve) {
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION	        
+		_zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+#else
 		_zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+#endif
 		heap->reserve = NULL;
 	}
 	if (heap->overflow == 0) {
@@ -1755,7 +1909,7 @@ static zend_mm_free_block *zend_mm_searc
 		p = heap->large_free_buckets[index];
 		for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) {
 			if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) {
-				return p->next_free_block;
+				return SUHOSIN_MANGLE_PTR(p->next_free_block);
 			} else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size &&
 			           ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) {
 				best_size = ZEND_MM_FREE_BLOCK_SIZE(p);
@@ -1779,7 +1933,7 @@ static zend_mm_free_block *zend_mm_searc
 
 		for (p = rst; p; p = p->child[p->child[0] != NULL]) {
 			if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) {
-				return p->next_free_block;
+				return SUHOSIN_MANGLE_PTR(p->next_free_block);
 			} else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size &&
 			           ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) {
 				best_size = ZEND_MM_FREE_BLOCK_SIZE(p);
@@ -1788,7 +1942,7 @@ static zend_mm_free_block *zend_mm_searc
 		}
 
 		if (best_fit) {
-			return best_fit->next_free_block;
+			return SUHOSIN_MANGLE_PTR(best_fit->next_free_block);
 		}
 		bitmap = bitmap >> 1;
 		if (!bitmap) {
@@ -1804,9 +1958,12 @@ static zend_mm_free_block *zend_mm_searc
 			best_fit = p;
 		}
 	}
-	return best_fit->next_free_block;
+	return SUHOSIN_MANGLE_PTR(best_fit->next_free_block);
 }
 
+#if SUHOSIN_PATCH
+void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC);
+#endif
 static void *_zend_mm_alloc_int(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
 	zend_mm_free_block *best_fit;
@@ -1816,7 +1973,7 @@ static void *_zend_mm_alloc_int(zend_mm_
 	size_t segment_size;
 	zend_mm_segment *segment;
 	int keep_rest = 0;
-
+	
 	if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) {
 		size_t index = ZEND_MM_BUCKET_INDEX(true_size);
 		size_t bitmap;
@@ -1831,9 +1988,14 @@ static void *_zend_mm_alloc_int(zend_mm_
 			heap->cache_stat[index].count--;
 			heap->cache_stat[index].hit++;
 #endif
-			best_fit = heap->cache[index];
+			best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]);
 			heap->cache[index] = best_fit->prev_free_block;
 			heap->cached -= true_size;
+#if SUHOSIN_PATCH
+                        SUHOSIN_MM_SET_CANARIES(best_fit);
+                        ((zend_mm_block*)best_fit)->info.size = size;
+                        SUHOSIN_MM_SET_END_CANARY(best_fit);
+#endif			
 			ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
 			ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
 			return ZEND_MM_DATA_OF(best_fit);
@@ -1847,7 +2009,7 @@ static void *_zend_mm_alloc_int(zend_mm_
 		if (bitmap) {
 			/* Found some "small" free block that can be used */
 			index += zend_mm_low_bit(bitmap);
-			best_fit = heap->free_buckets[index*2];
+			best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]);
 #if ZEND_MM_CACHE_STAT
 			heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++;
 #endif
@@ -1862,7 +2024,7 @@ static void *_zend_mm_alloc_int(zend_mm_
 	best_fit = zend_mm_search_large_block(heap, true_size);
 
 	if (!best_fit && heap->real_size >= heap->limit - heap->block_size) {
-		zend_mm_free_block *p = heap->rest_buckets[0];
+		zend_mm_free_block *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]);
 		size_t best_size = -1;
 
 		while (p != ZEND_MM_REST_BUCKET(heap)) {
@@ -1874,7 +2036,7 @@ static void *_zend_mm_alloc_int(zend_mm_
 				best_size = ZEND_MM_FREE_BLOCK_SIZE(p);
 				best_fit = p;
 			}
-			p = p->prev_free_block;
+			p = SUHOSIN_MANGLE_PTR(p->prev_free_block);
 		}
 	}
 
@@ -1973,13 +2135,19 @@ zend_mm_finished_searching_for_block:
 
 	ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1);
 
+#if SUHOSIN_PATCH
+        SUHOSIN_MM_SET_CANARIES(best_fit);
+        ((zend_mm_block*)best_fit)->info.size = size;
+        SUHOSIN_MM_SET_END_CANARY(best_fit);
+#endif
+        
 	heap->size += true_size;
 	if (heap->peak < heap->size) {
 		heap->peak = heap->size;
 	}
 
 	HANDLE_UNBLOCK_INTERRUPTIONS();
-
+	
 	return ZEND_MM_DATA_OF(best_fit);
 }
 
@@ -1996,19 +2164,26 @@ static void _zend_mm_free_int(zend_mm_he
 
 	mm_block = ZEND_MM_HEADER_OF(p);
 	size = ZEND_MM_BLOCK_SIZE(mm_block);
+#if SUHOSIN_PATCH
+        SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");
+#endif    
 	ZEND_MM_CHECK_PROTECTION(mm_block);
 
 #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
 	memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size);
 #endif
-
+#if SUHOSIN_PATCH
+        if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) {
+                memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size);
+        }
+#endif
 #if ZEND_MM_CACHE
 	if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) {
 		size_t index = ZEND_MM_BUCKET_INDEX(size);
 		zend_mm_free_block **cache = &heap->cache[index];
 
 		((zend_mm_free_block*)mm_block)->prev_free_block = *cache;
-		*cache = (zend_mm_free_block*)mm_block;
+		*cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block);
 		heap->cached += size;
 		ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED);
 #if ZEND_MM_CACHE_STAT
@@ -2044,6 +2219,9 @@ static void _zend_mm_free_int(zend_mm_he
 	HANDLE_UNBLOCK_INTERRUPTIONS();
 }
 
+#if SUHOSIN_PATCH
+void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC);
+#endif
 static void *_zend_mm_realloc_int(zend_mm_heap *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
 	zend_mm_block *mm_block = ZEND_MM_HEADER_OF(p);
@@ -2053,11 +2231,18 @@ static void *_zend_mm_realloc_int(zend_m
 	void *ptr;
 
 	if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) {
+#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION
+		return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#else
 		return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 	}
 	mm_block = ZEND_MM_HEADER_OF(p);
 	true_size = ZEND_MM_TRUE_SIZE(size);
 	orig_size = ZEND_MM_BLOCK_SIZE(mm_block);
+#if SUHOSIN_PATCH
+        SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()");
+#endif	
 	ZEND_MM_CHECK_PROTECTION(mm_block);
 
 	if (UNEXPECTED(true_size < size)) {
@@ -2089,6 +2274,11 @@ static void *_zend_mm_realloc_int(zend_m
 			HANDLE_UNBLOCK_INTERRUPTIONS();
 		}
 		ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0);
+#if SUHOSIN_PATCH
+                SUHOSIN_MM_SET_CANARIES(mm_block);
+                ((zend_mm_block*)mm_block)->info.size = size;
+                SUHOSIN_MM_SET_END_CANARY(mm_block);
+#endif
 		return p;
 	}
 
@@ -2104,17 +2294,22 @@ static void *_zend_mm_realloc_int(zend_m
 			heap->cache_stat[index].count--;
 			heap->cache_stat[index].hit++;
 #endif
-			best_fit = heap->cache[index];
+			best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]);
 			heap->cache[index] = best_fit->prev_free_block;
 			ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
-			ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
-	
+			ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);                        	
+#if SUHOSIN_PATCH
+                        SUHOSIN_MM_SET_CANARIES(best_fit);
+                        ((zend_mm_block*)best_fit)->info.size = size;
+                        SUHOSIN_MM_SET_END_CANARY(best_fit);
+#endif
+
 			ptr = ZEND_MM_DATA_OF(best_fit);
 
 #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
 			memcpy(ptr, p, mm_block->debug.size);
 #else
-			memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE);
+			memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
 #endif
 
 			heap->cached -= true_size - orig_size;
@@ -2123,14 +2318,13 @@ static void *_zend_mm_realloc_int(zend_m
 			cache = &heap->cache[index];
 
 			((zend_mm_free_block*)mm_block)->prev_free_block = *cache;
-			*cache = (zend_mm_free_block*)mm_block;
+			*cache = (zend_mm_free_block*)SUHOSIN_MANGLE_PTR(mm_block);
 			ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED);
 #if ZEND_MM_CACHE_STAT
 			if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) {
 				heap->cache_stat[index].max_count = heap->cache_stat[index].count;
 			}
 #endif
-
 			return ptr;
 		}
 	}
@@ -2173,6 +2367,11 @@ static void *_zend_mm_realloc_int(zend_m
 				heap->peak = heap->size;
 			}
 			HANDLE_UNBLOCK_INTERRUPTIONS();
+#if SUHOSIN_PATCH
+                        SUHOSIN_MM_SET_CANARIES(mm_block);
+                        ((zend_mm_block*)mm_block)->info.size = size;
+                        SUHOSIN_MM_SET_END_CANARY(mm_block);
+#endif
 			return p;
 		} else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
 				   ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) {
@@ -2275,38 +2474,90 @@ out_of_memory:
 		}
 
 		HANDLE_UNBLOCK_INTERRUPTIONS();
+#if SUHOSIN_PATCH
+                SUHOSIN_MM_SET_CANARIES(mm_block);
+                ((zend_mm_block*)mm_block)->info.size = size;
+                SUHOSIN_MM_SET_END_CANARY(mm_block);
+#endif
 		return ZEND_MM_DATA_OF(mm_block);
 	}
 
+#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION
+	ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#else
 	ptr = _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
 	memcpy(ptr, p, mm_block->debug.size);
 #else
-	memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE);
+	memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
 #endif
+#ifdef SUHOSIN_MM_WITH_CANARY_PROTECTION
+	_zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#else
 	_zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 	return ptr;
 }
 
+#ifndef SUHOSIN_MM_CLONE_FILE
 ZEND_API void *_zend_mm_alloc(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
-	return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+	if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0))
+#endif
+	        return _zend_mm_alloc_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH
+        return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 }
 
 ZEND_API void _zend_mm_free(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
-	_zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+	if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0))
+#endif
+                { _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; }
+#if SUHOSIN_PATCH
+        _zend_mm_free_canary_int((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 }
 
 ZEND_API void *_zend_mm_realloc(zend_mm_heap *heap, void *ptr, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
-	return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+	if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0))
+#endif
+        	return _zend_mm_realloc_int(heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+	return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)heap, ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 }
 
 ZEND_API size_t _zend_mm_block_size(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
 	zend_mm_block *mm_block;
 
+	if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) != 0) {
+                return _zend_mm_block_size_canary((zend_mm_heap_canary *)heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	}
+
+	if (!ZEND_MM_VALID_PTR(p)) {
+		return 0;
+	}
+	mm_block = ZEND_MM_HEADER_OF(p);
+	ZEND_MM_CHECK_PROTECTION(mm_block);
+#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+	return mm_block->debug.size;
+#else
+	return ZEND_MM_BLOCK_SIZE(mm_block);
+#endif
+}
+#else
+ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+	zend_mm_block *mm_block;
+
 	if (!ZEND_MM_VALID_PTR(p)) {
 		return 0;
 	}
@@ -2319,6 +2570,8 @@ ZEND_API size_t _zend_mm_block_size(zend
 #endif
 }
 
+#endif
+
 /**********************/
 /* Allocation Manager */
 /**********************/
@@ -2335,6 +2588,7 @@ static int alloc_globals_id;
 static zend_alloc_globals alloc_globals;
 #endif
 
+#ifndef SUHOSIN_MM_CLONE_FILE
 ZEND_API int is_zend_mm(TSRMLS_D)
 {
 	return AG(mm_heap)->use_zend_alloc;
@@ -2347,7 +2601,13 @@ ZEND_API void *_emalloc(size_t size ZEND
 	if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) {
 		return AG(mm_heap)->_malloc(size);
 	}
+#if SUHOSIN_PATCH	
+	if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0))
+#endif
 	return _zend_mm_alloc_int(AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+        return _zend_mm_alloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 }
 
 ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
@@ -2358,7 +2618,13 @@ ZEND_API void _efree(void *ptr ZEND_FILE
 		AG(mm_heap)->_free(ptr);
 		return;
 	}
-	_zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+	if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0))
+#endif
+                { _zend_mm_free_int(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); return; }
+#if SUHOSIN_PATCH	
+        _zend_mm_free_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 }
 
 ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
@@ -2368,7 +2634,13 @@ ZEND_API void *_erealloc(void *ptr, size
 	if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) {
 		return AG(mm_heap)->_realloc(ptr, size);
 	}
+#if SUHOSIN_PATCH	
+	if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0))
+#endif
 	return _zend_mm_realloc_int(AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+        return _zend_mm_realloc_canary_int((zend_mm_heap_canary *)AG(mm_heap), ptr, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 }
 
 ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
@@ -2376,8 +2648,15 @@ ZEND_API size_t _zend_mem_block_size(voi
 	if (UNEXPECTED(!AG(mm_heap)->use_zend_alloc)) {
 		return 0;
 	}
-	return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+	if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION) == 0))
+#endif
+        	return _zend_mm_block_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if SUHOSIN_PATCH	
+	return _zend_mm_block_size_canary((zend_mm_heap_canary *)AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#endif
 }
+#endif
 
 #if defined(__GNUC__) && defined(i386)
 
@@ -2448,7 +2727,7 @@ static inline size_t safe_address(size_t
 }
 #endif
 
-
+#ifndef SUHOSIN_MM_CLONE_FILE
 ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
 	return emalloc_rel(safe_address(nmemb, size, offset));
@@ -2561,6 +2840,7 @@ ZEND_API void shutdown_memory_manager(in
 {
 	zend_mm_shutdown(AG(mm_heap), full_shutdown, silent TSRMLS_CC);
 }
+#endif
 
 static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC)
 {
@@ -2585,6 +2865,7 @@ static void alloc_globals_dtor(zend_allo
 }
 #endif
 
+#ifndef SUHOSIN_MM_CLONE_FILE
 ZEND_API void start_memory_manager(TSRMLS_D)
 {
 #ifdef ZTS
@@ -2649,6 +2930,7 @@ ZEND_API void _full_mem_check(int silent
 	zend_debug_alloc_output("------------------------------------------------\n");
 }
 #endif
+#endif
 
 /*
  * Local variables:
diff -Naurp php-5.3.6RC1/Zend/zend_alloc_canary.c php-5.3.6RC1.oden/Zend/zend_alloc_canary.c
--- php-5.3.6RC1/Zend/zend_alloc_canary.c	1970-01-01 01:00:00.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_alloc_canary.c	2011-02-20 11:50:19.320838976 +0100
@@ -0,0 +1,2498 @@
+/*
+   +----------------------------------------------------------------------+
+   | Suhosin-Patch for PHP                                                |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2010 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <stefan.esser@sektioneins.de>                   |
+   +----------------------------------------------------------------------+
+ */
+/* $Id$ */
+
+#include "zend.h"
+#include "zend_alloc.h"
+#include "zend_globals.h"
+#include "zend_operators.h"
+
+#ifdef HAVE_SIGNAL_H
+# include <signal.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+#if SUHOSIN_PATCH
+#include "suhosin_patch.h"
+#endif
+
+#ifdef ZEND_WIN32
+# include <wincrypt.h>
+# include <process.h>
+#endif
+
+#ifndef ZEND_MM_HEAP_PROTECTION
+# define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG
+#endif
+
+#ifndef ZEND_MM_SAFE_UNLINKING
+# define ZEND_MM_SAFE_UNLINKING 1
+#endif
+
+#ifndef ZEND_MM_COOKIES
+# define ZEND_MM_COOKIES ZEND_DEBUG
+#endif
+
+#ifdef _WIN64
+# define PTR_FMT "0x%0.16I64x"
+/*
+#elif sizeof(long) == 8
+# define PTR_FMT "0x%0.16lx"
+*/
+#else
+# define PTR_FMT "0x%0.8lx"
+#endif
+
+#define SUHOSIN_MM_WITH_CANARY_PROTECTION 1
+
+#if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX)
+static void zend_mm_panic(const char *message) __attribute__ ((noreturn));
+#endif
+
+static void zend_mm_panic(const char *message)
+{
+	fprintf(stderr, "%s\n", message);
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+	fflush(stderr);
+#endif
+#if ZEND_DEBUG && defined(HAVE_KILL) && defined(HAVE_GETPID)
+	kill(getpid(), SIGSEGV);
+#endif
+	exit(1);
+}
+
+/*******************/
+/* Storage Manager */
+/*******************/
+
+#ifdef ZEND_WIN32
+#  define HAVE_MEM_WIN32    /* use VirtualAlloc() to allocate memory     */
+#endif
+#define HAVE_MEM_MALLOC     /* use malloc() to allocate segments         */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#if HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#include <fcntl.h>
+#include <errno.h>
+
+#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO)
+# ifdef HAVE_MREMAP
+#  ifndef _GNU_SOURCE
+#   define _GNU_SOURCE
+#  endif
+#  ifndef __USE_GNU
+#   define __USE_GNU
+#  endif
+# endif
+# include <sys/mman.h>
+# ifndef MAP_ANON
+#  ifdef MAP_ANONYMOUS
+#   define MAP_ANON MAP_ANONYMOUS
+#  endif
+# endif
+# ifndef MREMAP_MAYMOVE
+#  define MREMAP_MAYMOVE 0
+# endif
+# ifndef MAP_FAILED
+#  define MAP_FAILED ((void*)-1)
+# endif
+#endif
+
+static zend_intptr_t SUHOSIN_POINTER_GUARD = 0;
+
+static zend_mm_storage* zend_mm_mem_dummy_init(void *params)
+{
+	return malloc(sizeof(zend_mm_storage));
+}
+
+static void zend_mm_mem_dummy_dtor(zend_mm_storage *storage)
+{
+	free(storage);
+}
+
+static void zend_mm_mem_dummy_compact(zend_mm_storage *storage)
+{
+}
+
+#if defined(HAVE_MEM_MMAP_ANON) || defined(HAVE_MEM_MMAP_ZERO)
+
+static zend_mm_segment* zend_mm_mem_mmap_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size)
+{
+	zend_mm_segment *ret;
+#ifdef HAVE_MREMAP
+#if defined(__NetBSD__)
+	/* NetBSD 5 supports mremap but takes an extra newp argument */
+	ret = (zend_mm_segment*)mremap(segment, segment->size, segment, size, MREMAP_MAYMOVE);
+#else
+	ret = (zend_mm_segment*)mremap(segment, segment->size, size, MREMAP_MAYMOVE);
+#endif
+	if (ret == MAP_FAILED) {
+#endif
+		ret = storage->handlers->_alloc(storage, size);
+		if (ret) {
+			memcpy(ret, segment, size > segment->size ? segment->size : size);
+			storage->handlers->_free(storage, segment);
+		}
+#ifdef HAVE_MREMAP
+	}
+#endif
+	return ret;
+}
+
+static void zend_mm_mem_mmap_free(zend_mm_storage *storage, zend_mm_segment* segment)
+{
+	munmap((void*)segment, segment->size);
+}
+
+#endif
+
+#ifdef HAVE_MEM_MMAP_ANON
+
+static zend_mm_segment* zend_mm_mem_mmap_anon_alloc(zend_mm_storage *storage, size_t size)
+{
+	zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+	if (ret == MAP_FAILED) {
+		ret = NULL;
+	}
+	return ret;
+}
+
+# define ZEND_MM_MEM_MMAP_ANON_DSC {"mmap_anon", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_anon_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free}
+
+#endif
+
+#ifdef HAVE_MEM_MMAP_ZERO
+
+static int zend_mm_dev_zero_fd = -1;
+
+static zend_mm_storage* zend_mm_mem_mmap_zero_init(void *params)
+{
+	if (zend_mm_dev_zero_fd != -1) {
+		zend_mm_dev_zero_fd = open("/dev/zero", O_RDWR, S_IRUSR | S_IWUSR);
+	}
+	if (zend_mm_dev_zero_fd >= 0) {
+		return malloc(sizeof(zend_mm_storage));
+	} else {
+		return NULL;
+	}
+}
+
+static void zend_mm_mem_mmap_zero_dtor(zend_mm_storage *storage)
+{
+	close(zend_mm_dev_zero_fd);
+	free(storage);
+}
+
+static zend_mm_segment* zend_mm_mem_mmap_zero_alloc(zend_mm_storage *storage, size_t size)
+{
+	zend_mm_segment *ret = (zend_mm_segment*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, zend_mm_dev_zero_fd, 0);
+	if (ret == MAP_FAILED) {
+		ret = NULL;
+	}
+	return ret;
+}
+
+# define ZEND_MM_MEM_MMAP_ZERO_DSC {"mmap_zero", zend_mm_mem_mmap_zero_init, zend_mm_mem_mmap_zero_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_mmap_zero_alloc, zend_mm_mem_mmap_realloc, zend_mm_mem_mmap_free}
+
+#endif
+
+#ifdef HAVE_MEM_WIN32
+
+static zend_mm_storage* zend_mm_mem_win32_init(void *params)
+{
+	HANDLE heap = HeapCreate(HEAP_NO_SERIALIZE, 0, 0);
+	zend_mm_storage* storage;
+
+	if (heap == NULL) {
+		return NULL;
+	}
+	storage = (zend_mm_storage*)malloc(sizeof(zend_mm_storage));
+	storage->data = (void*) heap;
+	return storage;
+}
+
+static void zend_mm_mem_win32_dtor(zend_mm_storage *storage)
+{
+	HeapDestroy((HANDLE)storage->data);
+	free(storage);
+}
+
+static void zend_mm_mem_win32_compact(zend_mm_storage *storage)
+{
+    HeapDestroy((HANDLE)storage->data);
+    storage->data = (void*)HeapCreate(HEAP_NO_SERIALIZE, 0, 0);
+}
+
+static zend_mm_segment* zend_mm_mem_win32_alloc(zend_mm_storage *storage, size_t size)
+{
+	return (zend_mm_segment*) HeapAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, size);
+}
+
+static void zend_mm_mem_win32_free(zend_mm_storage *storage, zend_mm_segment* segment)
+{
+	HeapFree((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment);
+}
+
+static zend_mm_segment* zend_mm_mem_win32_realloc(zend_mm_storage *storage, zend_mm_segment* segment, size_t size)
+{
+	return (zend_mm_segment*) HeapReAlloc((HANDLE)storage->data, HEAP_NO_SERIALIZE, segment, size);
+}
+
+# define ZEND_MM_MEM_WIN32_DSC {"win32", zend_mm_mem_win32_init, zend_mm_mem_win32_dtor, zend_mm_mem_win32_compact, zend_mm_mem_win32_alloc, zend_mm_mem_win32_realloc, zend_mm_mem_win32_free}
+
+#endif
+
+#ifdef HAVE_MEM_MALLOC
+
+static zend_mm_segment* zend_mm_mem_malloc_alloc(zend_mm_storage *storage, size_t size)
+{
+	return (zend_mm_segment*)malloc(size);
+}
+
+static zend_mm_segment* zend_mm_mem_malloc_realloc(zend_mm_storage *storage, zend_mm_segment *ptr, size_t size)
+{
+	return (zend_mm_segment*)realloc(ptr, size);
+}
+
+static void zend_mm_mem_malloc_free(zend_mm_storage *storage, zend_mm_segment *ptr)
+{
+	free(ptr);
+}
+
+# define ZEND_MM_MEM_MALLOC_DSC {"malloc", zend_mm_mem_dummy_init, zend_mm_mem_dummy_dtor, zend_mm_mem_dummy_compact, zend_mm_mem_malloc_alloc, zend_mm_mem_malloc_realloc, zend_mm_mem_malloc_free}
+
+#endif
+
+static const zend_mm_mem_handlers mem_handlers[] = {
+#ifdef HAVE_MEM_WIN32
+	ZEND_MM_MEM_WIN32_DSC,
+#endif
+#ifdef HAVE_MEM_MALLOC
+	ZEND_MM_MEM_MALLOC_DSC,
+#endif
+#ifdef HAVE_MEM_MMAP_ANON
+	ZEND_MM_MEM_MMAP_ANON_DSC,
+#endif
+#ifdef HAVE_MEM_MMAP_ZERO
+	ZEND_MM_MEM_MMAP_ZERO_DSC,
+#endif
+	{NULL, NULL, NULL, NULL, NULL, NULL}
+};
+
+# define ZEND_MM_STORAGE_DTOR()						heap->storage->handlers->dtor(heap->storage)
+# define ZEND_MM_STORAGE_ALLOC(size)				heap->storage->handlers->_alloc(heap->storage, size)
+# define ZEND_MM_STORAGE_REALLOC(ptr, size)			heap->storage->handlers->_realloc(heap->storage, ptr, size)
+# define ZEND_MM_STORAGE_FREE(ptr)					heap->storage->handlers->_free(heap->storage, ptr)
+
+/****************/
+/* Heap Manager */
+/****************/
+
+#define MEM_BLOCK_VALID  0x7312F8DC
+#define	MEM_BLOCK_FREED  0x99954317
+#define	MEM_BLOCK_CACHED 0xFB8277DC
+#define	MEM_BLOCK_GUARD  0x2A8FCC84
+#define	MEM_BLOCK_LEAK   0x6C5E8F2D
+
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+# define CANARY_SIZE sizeof(size_t)
+#else
+# define CANARY_SIZE 0
+#endif
+
+/* mm block type */
+typedef struct _zend_mm_block_info_canary {
+#if ZEND_MM_COOKIES
+	size_t _cookie;
+#endif
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+	size_t canary_1;
+#endif
+  	size_t _size;
+  	size_t _prev;
+#if SUHOSIN_PATCH
+	size_t size;
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+	size_t canary_2;
+#endif
+#endif
+} zend_mm_block_info_canary;
+
+#if ZEND_DEBUG
+
+typedef struct _zend_mm_debug_info_canary {
+	char *filename;
+	uint lineno;
+	char *orig_filename;
+	uint orig_lineno;
+	size_t size;
+#if ZEND_MM_HEAP_PROTECTION
+	unsigned int start_magic;
+#endif
+} zend_mm_debug_info_canary;
+
+#elif ZEND_MM_HEAP_PROTECTION
+
+typedef struct _zend_mm_debug_info_canary {
+	size_t size;
+	unsigned int start_magic;
+} zend_mm_debug_info_canary;
+
+#endif
+
+typedef struct _zend_mm_block_canary {
+	zend_mm_block_info_canary info;
+#if ZEND_DEBUG
+	unsigned int magic;
+# ifdef ZTS
+	THREAD_T thread_id;
+# endif
+	zend_mm_debug_info_canary debug;
+#elif ZEND_MM_HEAP_PROTECTION
+	zend_mm_debug_info_canary debug;
+#endif
+} zend_mm_block_canary;
+
+typedef struct _zend_mm_small_free_block_canary {
+	zend_mm_block_info_canary info;
+#if ZEND_DEBUG
+	unsigned int magic;
+# ifdef ZTS
+	THREAD_T thread_id;
+# endif
+#endif
+	struct _zend_mm_free_block_canary *prev_free_block;
+	struct _zend_mm_free_block_canary *next_free_block;
+} zend_mm_small_free_block_canary;
+
+typedef struct _zend_mm_free_block_canary {
+	zend_mm_block_info_canary info;
+#if ZEND_DEBUG
+	unsigned int magic;
+# ifdef ZTS
+	THREAD_T thread_id;
+# endif
+#endif
+	struct _zend_mm_free_block_canary *prev_free_block;
+	struct _zend_mm_free_block_canary *next_free_block;
+
+	struct _zend_mm_free_block_canary **parent;
+	struct _zend_mm_free_block_canary *child[2];
+} zend_mm_free_block_canary;
+
+#define ZEND_MM_NUM_BUCKETS (sizeof(size_t) << 3)
+
+#define ZEND_MM_CACHE 1
+#define ZEND_MM_CACHE_SIZE (ZEND_MM_NUM_BUCKETS * 4 * 1024)
+
+#ifndef ZEND_MM_CACHE_STAT
+# define ZEND_MM_CACHE_STAT 0
+#endif
+
+typedef struct _zend_mm_heap_canary {
+	int                 use_zend_alloc;
+	void               *(*_malloc)(size_t);
+	void                (*_free)(void*);
+	void               *(*_realloc)(void*, size_t);
+	size_t              free_bitmap;
+	size_t              large_free_bitmap;
+	size_t              block_size;
+	size_t              compact_size;
+	zend_mm_segment    *segments_list;
+	zend_mm_storage    *storage;
+	size_t              real_size;
+	size_t              real_peak;
+	size_t              limit;
+	size_t              size;
+	size_t              peak;
+	size_t              reserve_size;
+	void               *reserve;
+	int                 overflow;
+	int                 internal;
+#if ZEND_MM_CACHE
+	unsigned int        cached;
+	zend_mm_free_block_canary *cache[ZEND_MM_NUM_BUCKETS];
+#endif
+	zend_mm_free_block_canary *free_buckets[ZEND_MM_NUM_BUCKETS*2];
+	zend_mm_free_block_canary *large_free_buckets[ZEND_MM_NUM_BUCKETS];
+	zend_mm_free_block_canary *rest_buckets[2];
+#if ZEND_MM_CACHE_STAT
+	struct {
+		int count;
+		int max_count;
+		int hit;
+		int miss;
+	} cache_stat[ZEND_MM_NUM_BUCKETS+1];
+#endif
+#if SUHOSIN_PATCH
+ 	size_t              canary_1,canary_2,canary_3;
+#endif
+};
+
+#define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \
+	(zend_mm_free_block_canary*) ((char*)&heap->free_buckets[index * 2] + \
+		sizeof(zend_mm_free_block_canary*) * 2 - \
+		sizeof(zend_mm_small_free_block_canary))
+
+#define ZEND_MM_REST_BUCKET(heap) \
+	(zend_mm_free_block_canary*)((char*)&heap->rest_buckets[0] + \
+		sizeof(zend_mm_free_block_canary*) * 2 - \
+		sizeof(zend_mm_small_free_block_canary))
+
+#if ZEND_MM_COOKIES
+
+static unsigned int _zend_mm_cookie = 0;
+
+# define ZEND_MM_COOKIE(block) \
+	(((size_t)(block)) ^ _zend_mm_cookie)
+# define ZEND_MM_SET_COOKIE(block) \
+	(block)->info._cookie = ZEND_MM_COOKIE(block)
+# define ZEND_MM_CHECK_COOKIE(block) \
+	if (UNEXPECTED((block)->info._cookie != ZEND_MM_COOKIE(block))) { \
+		zend_mm_panic("zend_mm_heap corrupted"); \
+	}
+#else
+# define ZEND_MM_SET_COOKIE(block)
+# define ZEND_MM_CHECK_COOKIE(block)
+#endif
+
+/* Default memory segment size */
+#define ZEND_MM_SEG_SIZE   (256 * 1024)
+
+/* Reserved space for error reporting in case of memory overflow */
+#define ZEND_MM_RESERVE_SIZE            (8*1024)
+
+#ifdef _WIN64
+# define ZEND_MM_LONG_CONST(x)	(x##i64)
+#else
+# define ZEND_MM_LONG_CONST(x)	(x##L)
+#endif
+
+#define ZEND_MM_TYPE_MASK		ZEND_MM_LONG_CONST(0x3)
+
+#define ZEND_MM_FREE_BLOCK		ZEND_MM_LONG_CONST(0x0)
+#define ZEND_MM_USED_BLOCK		ZEND_MM_LONG_CONST(0x1)
+#define ZEND_MM_GUARD_BLOCK		ZEND_MM_LONG_CONST(0x3)
+
+#define ZEND_MM_BLOCK(b, type, size)	do { \
+											size_t _size = (size); \
+											(b)->info._size = (type) | _size; \
+											ZEND_MM_BLOCK_AT(b, _size)->info._prev = (type) | _size; \
+											ZEND_MM_SET_COOKIE(b); \
+										} while (0);
+#define ZEND_MM_LAST_BLOCK(b)			do { \
+		(b)->info._size = ZEND_MM_GUARD_BLOCK | ZEND_MM_ALIGNED_HEADER_SIZE; \
+		ZEND_MM_SET_MAGIC(b, MEM_BLOCK_GUARD); \
+ 	} while (0);
+#define ZEND_MM_BLOCK_SIZE(b)			((b)->info._size & ~ZEND_MM_TYPE_MASK)
+#define ZEND_MM_IS_FREE_BLOCK(b)		(!((b)->info._size & ZEND_MM_USED_BLOCK))
+#define ZEND_MM_IS_USED_BLOCK(b)		((b)->info._size & ZEND_MM_USED_BLOCK)
+#define ZEND_MM_IS_GUARD_BLOCK(b)		(((b)->info._size & ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK)
+
+#define ZEND_MM_NEXT_BLOCK(b)			ZEND_MM_BLOCK_AT(b, ZEND_MM_BLOCK_SIZE(b))
+#define ZEND_MM_PREV_BLOCK(b)			ZEND_MM_BLOCK_AT(b, -(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
+
+#define ZEND_MM_PREV_BLOCK_IS_FREE(b)	(!((b)->info._prev & ZEND_MM_USED_BLOCK))
+
+#define ZEND_MM_MARK_FIRST_BLOCK(b)		((b)->info._prev = ZEND_MM_GUARD_BLOCK)
+#define ZEND_MM_IS_FIRST_BLOCK(b)		((b)->info._prev == ZEND_MM_GUARD_BLOCK)
+
+/* optimized access */
+#define ZEND_MM_FREE_BLOCK_SIZE(b)		(b)->info._size
+
+#ifndef ZEND_MM_ALIGNMENT
+# define ZEND_MM_ALIGNMENT 8
+# define ZEND_MM_ALIGNMENT_LOG2 3
+#elif ZEND_MM_ALIGNMENT < 4
+# undef ZEND_MM_ALIGNMENT
+# undef ZEND_MM_ALIGNMENT_LOG2
+# define ZEND_MM_ALIGNMENT 4
+# define ZEND_MM_ALIGNMENT_LOG2 2
+#endif
+
+#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1)
+
+/* Aligned header size */
+#define ZEND_MM_ALIGNED_SIZE(size)			((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK)
+#define ZEND_MM_ALIGNED_HEADER_SIZE			ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block_canary))
+#define ZEND_MM_ALIGNED_FREE_HEADER_SIZE	ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block_canary))
+#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE		ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE)
+#define ZEND_MM_ALIGNED_MIN_HEADER_SIZE		(ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE)
+#define ZEND_MM_ALIGNED_SEGMENT_SIZE		ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment))
+
+#define ZEND_MM_MIN_SIZE					((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0)
+
+#define ZEND_MM_MAX_SMALL_SIZE				((ZEND_MM_NUM_BUCKETS<<ZEND_MM_ALIGNMENT_LOG2)+ZEND_MM_ALIGNED_MIN_HEADER_SIZE)
+
+#define ZEND_MM_TRUE_SIZE(size)				((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)))
+
+#define ZEND_MM_BUCKET_INDEX(true_size)		((true_size>>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2))
+
+#define ZEND_MM_SMALL_SIZE(true_size)		(true_size < ZEND_MM_MAX_SMALL_SIZE)
+
+/* Memory calculations */
+#define ZEND_MM_BLOCK_AT(blk, offset)	((zend_mm_block_canary *) (((char *) (blk))+(offset)))
+#define ZEND_MM_DATA_OF(p)				((void *) (((char *) (p))+ZEND_MM_ALIGNED_HEADER_SIZE))
+#define ZEND_MM_HEADER_OF(blk)			ZEND_MM_BLOCK_AT(blk, -(int)ZEND_MM_ALIGNED_HEADER_SIZE)
+
+/* Debug output */
+#if ZEND_DEBUG
+
+# ifdef ZTS
+#  define ZEND_MM_SET_THREAD_ID(block) \
+	((zend_mm_block_canary*)(block))->thread_id = tsrm_thread_id()
+#  define ZEND_MM_BAD_THREAD_ID(block) ((block)->thread_id != tsrm_thread_id())
+# else
+#  define ZEND_MM_SET_THREAD_ID(block)
+#  define ZEND_MM_BAD_THREAD_ID(block) 0
+# endif
+
+# define ZEND_MM_VALID_PTR(block) \
+	zend_mm_check_ptr(heap, block, 1 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC)
+
+# define ZEND_MM_SET_MAGIC(block, val) do { \
+		(block)->magic = (val); \
+	} while (0)
+
+# define ZEND_MM_CHECK_MAGIC(block, val) do { \
+		if ((block)->magic != (val)) { \
+			zend_mm_panic("zend_mm_heap corrupted"); \
+		} \
+	} while (0)
+
+# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) do { \
+		((zend_mm_block_canary*)(block))->debug.filename = __zend_filename; \
+		((zend_mm_block_canary*)(block))->debug.lineno = __zend_lineno; \
+		((zend_mm_block_canary*)(block))->debug.orig_filename = __zend_orig_filename; \
+		((zend_mm_block_canary*)(block))->debug.orig_lineno = __zend_orig_lineno; \
+		ZEND_MM_SET_BLOCK_SIZE(block, __size); \
+		if (set_valid) { \
+			ZEND_MM_SET_MAGIC(block, MEM_BLOCK_VALID); \
+		} \
+		if (set_thread) { \
+			ZEND_MM_SET_THREAD_ID(block); \
+		} \
+	} while (0)
+
+#else
+
+# define ZEND_MM_VALID_PTR(ptr) EXPECTED(ptr != NULL)
+
+# define ZEND_MM_SET_MAGIC(block, val)
+
+# define ZEND_MM_CHECK_MAGIC(block, val)
+
+# define ZEND_MM_SET_DEBUG_INFO(block, __size, set_valid, set_thread) ZEND_MM_SET_BLOCK_SIZE(block, __size)
+
+#endif
+
+#if SUHOSIN_MM_WITH_CANARY_PROTECTION
+
+# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \
+        char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \
+	if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \
+		canary_mismatch: \
+		zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \
+                if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\
+	} \
+        memcpy(&check, p, CANARY_SIZE); \
+        if (check != heap->canary_3) { \
+                zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \
+                if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \
+        } \
+	} while (0)
+
+# define SUHOSIN_MM_SET_CANARIES(block) do { \
+        (block)->info.canary_1 = heap->canary_1; \
+        (block)->info.canary_2 = heap->canary_2; \
+        } while (0)      
+
+# define SUHOSIN_MM_END_CANARY_PTR(block) \
+	(char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->info.size + END_MAGIC_SIZE)
+
+# define SUHOSIN_MM_SET_END_CANARY(block) do { \
+	char *p = SUHOSIN_MM_END_CANARY_PTR(block); \
+	memcpy(p, &heap->canary_3, CANARY_SIZE); \
+	} while (0)
+
+#else
+
+# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION)
+# define SUHOSIN_MM_SET_CANARIES(block)
+# define SUHOSIN_MM_END_CANARY_PTR(block)
+# define SUHOSIN_MM_SET_END_CANARY(block)
+
+#endif
+
+
+#if ZEND_MM_HEAP_PROTECTION
+
+# define ZEND_MM_CHECK_PROTECTION(block) \
+	do { \
+		if ((block)->debug.start_magic != _mem_block_start_magic || \
+		    memcmp(ZEND_MM_END_MAGIC_PTR(block), &_mem_block_end_magic, END_MAGIC_SIZE) != 0) { \
+		    zend_mm_panic("zend_mm_heap corrupted"); \
+		} \
+	} while (0)
+
+# define ZEND_MM_END_MAGIC_PTR(block) \
+	(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block_canary*)(block))->debug.size)
+
+# define END_MAGIC_SIZE sizeof(unsigned int)
+
+# define ZEND_MM_SET_BLOCK_SIZE(block, __size) do { \
+		char *p; \
+		((zend_mm_block_canary*)(block))->debug.size = (__size); \
+		p = ZEND_MM_END_MAGIC_PTR(block); \
+		((zend_mm_block_canary*)(block))->debug.start_magic = _mem_block_start_magic; \
+		memcpy(p, &_mem_block_end_magic, END_MAGIC_SIZE); \
+	} while (0)
+
+static unsigned int _mem_block_start_magic = 0;
+static unsigned int _mem_block_end_magic   = 0;
+
+#else
+
+# if ZEND_DEBUG
+#  define ZEND_MM_SET_BLOCK_SIZE(block, _size) \
+	((zend_mm_block_canary*)(block))->debug.size = (_size)
+# else
+#  define ZEND_MM_SET_BLOCK_SIZE(block, _size)
+# endif
+
+# define ZEND_MM_CHECK_PROTECTION(block)
+
+# define END_MAGIC_SIZE 0
+
+#endif
+
+#if ZEND_MM_SAFE_UNLINKING
+# define ZEND_MM_CHECK_BLOCK_LINKAGE(block) \
+	if (UNEXPECTED((block)->info._size != ZEND_MM_BLOCK_AT(block, ZEND_MM_FREE_BLOCK_SIZE(block))->info._prev) || \
+		UNEXPECTED(!UNEXPECTED(ZEND_MM_IS_FIRST_BLOCK(block)) && \
+	    UNEXPECTED(ZEND_MM_PREV_BLOCK(block)->info._size != (block)->info._prev))) { \
+	    zend_mm_panic("zend_mm_heap corrupted"); \
+	}
+#define ZEND_MM_CHECK_TREE(block) \
+	if (UNEXPECTED(*((block)->parent) != (block))) { \
+		zend_mm_panic("zend_mm_heap corrupted"); \
+	}
+#else
+# define ZEND_MM_CHECK_BLOCK_LINKAGE(block)
+# define ZEND_MM_CHECK_TREE(block)
+#endif
+
+#define ZEND_MM_LARGE_BUCKET_INDEX(S) zend_mm_high_bit(S)
+
+void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC;
+void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC);
+void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC);
+
+
+static inline unsigned int zend_mm_high_bit(size_t _size)
+{
+#if defined(__GNUC__) && defined(i386)
+	unsigned int n;
+
+	__asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm"  (_size));
+	return n;
+#elif defined(__GNUC__) && defined(__x86_64__)
+	unsigned long n;
+
+        __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm"  (_size));
+        return (unsigned int)n;
+#elif defined(_MSC_VER) && defined(_M_IX86)
+	__asm {
+		bsr eax, _size
+	}
+#else
+	unsigned int n = 0;
+	while (_size != 0) {
+		_size = _size >> 1;
+		n++;
+	}
+	return n-1;
+#endif
+}
+
+static inline unsigned int zend_mm_low_bit(size_t _size)
+{
+#if defined(__GNUC__) && defined(i386)
+	unsigned int n;
+
+	__asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm"  (_size));
+	return n;
+#elif defined(__GNUC__) && defined(__x86_64__)
+        unsigned long n;
+
+        __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm"  (_size));
+        return (unsigned int)n;
+#elif defined(_MSC_VER) && defined(_M_IX86)
+	__asm {
+		bsf eax, _size
+   }
+#else
+	static const int offset[16] = {4,0,1,0,2,0,1,0,3,0,1,0,2,0,1,0};
+	unsigned int n;
+	unsigned int index = 0;
+
+	n = offset[_size & 15];
+	while (n == 4) {
+		_size >>= 4;
+		index += n;
+		n = offset[_size & 15];
+	}
+
+	return index + n;
+#endif
+}
+
+static void zend_mm_add_to_rest_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block)
+{
+	zend_mm_free_block_canary *prev, *next;
+
+	ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED);
+
+	if (!ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block))) {
+		mm_block->parent = NULL;
+	}
+
+	prev = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]);
+	next = SUHOSIN_MANGLE_PTR(prev->next_free_block);
+	mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
+	mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next);
+	prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block);
+}
+
+static void zend_mm_add_to_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block)
+{
+	size_t size;
+	size_t index;
+
+	ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_FREED);
+
+	size = ZEND_MM_FREE_BLOCK_SIZE(mm_block);
+	if (EXPECTED(!ZEND_MM_SMALL_SIZE(size))) {
+		zend_mm_free_block_canary **p;
+
+		index = ZEND_MM_LARGE_BUCKET_INDEX(size);
+		p = &heap->large_free_buckets[index];
+		mm_block->child[0] = mm_block->child[1] = NULL;
+		if (!*p) {
+			*p = mm_block;
+			mm_block->parent = p;
+			mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block);
+			heap->large_free_bitmap |= (ZEND_MM_LONG_CONST(1) << index);
+		} else {
+			size_t m;
+
+			for (m = size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) {
+				zend_mm_free_block_canary *prev = *p;
+
+				if (ZEND_MM_FREE_BLOCK_SIZE(prev) != size) {
+					p = &prev->child[(m >> (ZEND_MM_NUM_BUCKETS-1)) & 1];
+					if (!*p) {
+						*p = mm_block;
+						mm_block->parent = p;
+						mm_block->prev_free_block = mm_block->next_free_block = SUHOSIN_MANGLE_PTR(mm_block);
+						break;
+					}
+				} else {
+					zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(prev->next_free_block);
+
+					prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block);
+					mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next);
+					mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
+					mm_block->parent = NULL;
+					break;
+				}
+			}
+		}
+	} else {
+		zend_mm_free_block_canary *prev, *next;
+
+		index = ZEND_MM_BUCKET_INDEX(size);
+
+		prev = ZEND_MM_SMALL_FREE_BUCKET(heap, index);
+		if (SUHOSIN_MANGLE_PTR(prev->prev_free_block) == prev) {
+			heap->free_bitmap |= (ZEND_MM_LONG_CONST(1) << index);
+		}
+		next = SUHOSIN_MANGLE_PTR(prev->next_free_block);
+
+		mm_block->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
+		mm_block->next_free_block = SUHOSIN_MANGLE_PTR(next);
+		prev->next_free_block = next->prev_free_block = SUHOSIN_MANGLE_PTR(mm_block);
+	}
+}
+
+static void zend_mm_remove_from_free_list(zend_mm_heap_canary *heap, zend_mm_free_block_canary *mm_block)
+{
+	zend_mm_free_block_canary *prev = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block);
+	zend_mm_free_block_canary *next = SUHOSIN_MANGLE_PTR(mm_block->next_free_block);
+
+	ZEND_MM_CHECK_MAGIC(mm_block, MEM_BLOCK_FREED);
+
+	if (EXPECTED(prev == mm_block)) {
+		zend_mm_free_block_canary **rp, **cp;
+
+#if SUHOSIN_PATCH
+                if (next != mm_block) {
+                        zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block);
+                        _exit(1);
+                }
+#endif
+#if ZEND_MM_SAFE_UNLINKING
+		if (UNEXPECTED(next != mm_block)) {
+			zend_mm_panic("zend_mm_heap corrupted");
+		}
+#endif
+
+		rp = &mm_block->child[mm_block->child[1] != NULL];
+		prev = *rp;
+		if (EXPECTED(prev == NULL)) {
+			size_t index = ZEND_MM_LARGE_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block));
+
+			ZEND_MM_CHECK_TREE(mm_block);
+			*mm_block->parent = NULL;
+			if (mm_block->parent == &heap->large_free_buckets[index]) {
+				heap->large_free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index);
+		    }
+		} else {
+			while (*(cp = &(prev->child[prev->child[1] != NULL])) != NULL) {
+				prev = *cp;
+				rp = cp;
+			}
+			*rp = NULL;
+
+subst_block:
+			ZEND_MM_CHECK_TREE(mm_block);
+			*mm_block->parent = prev;
+			prev->parent = mm_block->parent;
+			if ((prev->child[0] = mm_block->child[0])) {
+				ZEND_MM_CHECK_TREE(prev->child[0]);
+				prev->child[0]->parent = &prev->child[0];
+			}
+			if ((prev->child[1] = mm_block->child[1])) {
+				ZEND_MM_CHECK_TREE(prev->child[1]);
+				prev->child[1]->parent = &prev->child[1];
+			}
+		}
+	} else {
+
+#if SUHOSIN_PATCH
+                if (SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block || SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block) {
+                        zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block);
+		        _exit(1);
+                }
+#endif    
+
+#if ZEND_MM_SAFE_UNLINKING
+		if (UNEXPECTED(SUHOSIN_MANGLE_PTR(prev->next_free_block) != mm_block) || UNEXPECTED(SUHOSIN_MANGLE_PTR(next->prev_free_block) != mm_block)) {
+			zend_mm_panic("zend_mm_heap corrupted");
+		}
+#endif
+
+		prev->next_free_block = SUHOSIN_MANGLE_PTR(next);
+		next->prev_free_block = SUHOSIN_MANGLE_PTR(prev);
+
+		if (EXPECTED(ZEND_MM_SMALL_SIZE(ZEND_MM_FREE_BLOCK_SIZE(mm_block)))) {
+			if (EXPECTED(prev == next)) {
+				size_t index = ZEND_MM_BUCKET_INDEX(ZEND_MM_FREE_BLOCK_SIZE(mm_block));
+
+				if (EXPECTED(heap->free_buckets[index*2] == heap->free_buckets[index*2+1])) {
+					heap->free_bitmap &= ~(ZEND_MM_LONG_CONST(1) << index);
+				}
+			}
+		} else if (UNEXPECTED(mm_block->parent != NULL)) {
+			goto subst_block;
+		}
+	}
+}
+
+static void zend_mm_init(zend_mm_heap_canary *heap)
+{
+	zend_mm_free_block_canary* p;
+	int i;
+
+	heap->free_bitmap = 0;
+	heap->large_free_bitmap = 0;
+#if ZEND_MM_CACHE
+	heap->cached = 0;
+	memset(heap->cache, 0, sizeof(heap->cache));
+#endif
+#if ZEND_MM_CACHE_STAT
+	for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
+		heap->cache_stat[i].count = 0;
+	}
+#endif
+	p = ZEND_MM_SMALL_FREE_BUCKET(heap, 0);
+	for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
+		p->next_free_block = SUHOSIN_MANGLE_PTR(p);
+		p->prev_free_block = SUHOSIN_MANGLE_PTR(p);
+		p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2);
+		heap->large_free_buckets[i] = NULL;
+	}
+	heap->rest_buckets[0] = heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(heap));
+#if SUHOSIN_PATCH
+        if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
+	        zend_canary(&heap->canary_1, sizeof(heap->canary_1));
+	        zend_canary(&heap->canary_2, sizeof(heap->canary_2));
+	        zend_canary(&heap->canary_3, sizeof(heap->canary_3));
+	}
+#endif
+}
+
+static void zend_mm_del_segment(zend_mm_heap_canary *heap, zend_mm_segment *segment)
+{
+	zend_mm_segment **p = &heap->segments_list;
+
+	while (*p != segment) {
+		p = &(*p)->next_segment;
+	}
+	*p = segment->next_segment;
+	heap->real_size -= segment->size;
+	ZEND_MM_STORAGE_FREE(segment);
+}
+
+#if ZEND_MM_CACHE
+static void zend_mm_free_cache(zend_mm_heap_canary *heap)
+{
+	int i;
+
+	for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
+		/* SUHOSIN_MANGLE_PTR should NOT affect NULL pointers */
+		if (heap->cache[i]) {
+			zend_mm_free_block_canary *mm_block = SUHOSIN_MANGLE_PTR(heap->cache[i]);
+
+			while (mm_block) {
+				size_t size = ZEND_MM_BLOCK_SIZE(mm_block);
+				zend_mm_free_block_canary *q = SUHOSIN_MANGLE_PTR(mm_block->prev_free_block);
+				zend_mm_block_canary *next_block = ZEND_MM_NEXT_BLOCK(mm_block);
+
+				heap->cached -= size;
+
+				if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) {
+					mm_block = (zend_mm_free_block_canary*)ZEND_MM_PREV_BLOCK(mm_block);
+					size += ZEND_MM_FREE_BLOCK_SIZE(mm_block);
+					zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block);
+				}
+				if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
+					size += ZEND_MM_FREE_BLOCK_SIZE(next_block);
+					zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block);
+				}
+				ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size);
+
+				if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
+				    ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_NEXT_BLOCK(mm_block))) {
+					zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE));
+				} else {
+					zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block);
+				}
+
+				mm_block = q;
+			}
+			heap->cache[i] = NULL;
+#if ZEND_MM_CACHE_STAT
+			heap->cache_stat[i].count = 0;
+#endif
+		}
+	}
+}
+#endif
+
+#if ZEND_MM_HEAP_PROTECTION || ZEND_MM_COOKIES
+static void zend_mm_random(unsigned char *buf, size_t size) /* {{{ */
+{
+	size_t i = 0;
+	unsigned char t;
+
+#ifdef ZEND_WIN32
+	HCRYPTPROV   hCryptProv;
+	int has_context = 0;
+
+	if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+		/* Could mean that the key container does not exist, let try 
+		   again by asking for a new one */
+		if (GetLastError() == NTE_BAD_KEYSET) {
+			if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+				has_context = 1;
+			}
+		}
+	} else {
+		has_context = 1;
+	}
+	if (has_context) {
+		do {
+			BOOL ret = CryptGenRandom(hCryptProv, size, buf);
+			CryptReleaseContext(hCryptProv, 0);
+			if (ret) {
+				while (i < size && buf[i] != 0) {
+					i++;
+				}
+				if (i == size) {
+					return;
+				}
+		   }
+		} while (0);
+	}
+#elif defined(HAVE_DEV_URANDOM)
+	int fd = open("/dev/urandom", 0);
+
+	if (fd >= 0) {
+		if (read(fd, buf, size) == size) {
+			while (i < size && buf[i] != 0) {
+				i++;
+			}
+			if (i == size) {
+				close(fd);
+			    return;
+			}
+		}
+		close(fd);
+	}
+#endif
+	t = (unsigned char)getpid();
+	while (i < size) {
+		do {
+			buf[i] = ((unsigned char)rand()) ^ t;
+		} while (buf[i] == 0);
+		t = buf[i++] << 1;
+    }
+}
+/* }}} */
+#endif
+
+
+/* Notes:
+ * - This function may alter the block_sizes values to match platform alignment
+ * - This function does *not* perform sanity checks on the arguments
+ */
+zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
+{
+	zend_mm_storage *storage;
+	zend_mm_heap_canary    *heap;
+        zend_mm_free_block_canary *tmp;
+
+#if 0
+	int i;
+
+	printf("ZEND_MM_ALIGNMENT=%d\n", ZEND_MM_ALIGNMENT);
+	printf("ZEND_MM_ALIGNMENT_LOG2=%d\n", ZEND_MM_ALIGNMENT_LOG2);
+	printf("ZEND_MM_MIN_SIZE=%d\n", ZEND_MM_MIN_SIZE);
+	printf("ZEND_MM_MAX_SMALL_SIZE=%d\n", ZEND_MM_MAX_SMALL_SIZE);
+	printf("ZEND_MM_ALIGNED_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_HEADER_SIZE);
+	printf("ZEND_MM_ALIGNED_FREE_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_FREE_HEADER_SIZE);
+	printf("ZEND_MM_MIN_ALLOC_BLOCK_SIZE=%d\n", ZEND_MM_MIN_ALLOC_BLOCK_SIZE);
+	printf("ZEND_MM_ALIGNED_MIN_HEADER_SIZE=%d\n", ZEND_MM_ALIGNED_MIN_HEADER_SIZE);
+	printf("ZEND_MM_ALIGNED_SEGMENT_SIZE=%d\n", ZEND_MM_ALIGNED_SEGMENT_SIZE);
+	for (i = 0; i < ZEND_MM_MAX_SMALL_SIZE; i++) {
+		printf("%3d%c: %3ld %d %2ld\n", i, (i == ZEND_MM_MIN_SIZE?'*':' '), (long)ZEND_MM_TRUE_SIZE(i), ZEND_MM_SMALL_SIZE(ZEND_MM_TRUE_SIZE(i)), (long)ZEND_MM_BUCKET_INDEX(ZEND_MM_TRUE_SIZE(i)));
+	}
+	exit(0);
+#endif
+
+#if ZEND_MM_HEAP_PROTECTION
+	if (_mem_block_start_magic == 0) {
+		zend_mm_random((unsigned char*)&_mem_block_start_magic, sizeof(_mem_block_start_magic));
+	}
+	if (_mem_block_end_magic == 0) {
+		zend_mm_random((unsigned char*)&_mem_block_end_magic, sizeof(_mem_block_end_magic));
+	}
+#endif
+#if ZEND_MM_COOKIES
+	if (_zend_mm_cookie == 0) {
+		zend_mm_random((unsigned char*)&_zend_mm_cookie, sizeof(_zend_mm_cookie));
+	}
+#endif
+
+        /* get the pointer guardian and ensure low 3 bits are 1 */
+        if (SUHOSIN_POINTER_GUARD == 0) {
+                zend_canary(&SUHOSIN_POINTER_GUARD, sizeof(SUHOSIN_POINTER_GUARD));
+                SUHOSIN_POINTER_GUARD |= 7;
+        }
+
+	if (zend_mm_low_bit(block_size) != zend_mm_high_bit(block_size)) {
+		fprintf(stderr, "'block_size' must be a power of two\n");
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+		fflush(stderr);
+#endif
+		exit(255);
+	}
+	storage = handlers->init(params);
+	if (!storage) {
+		fprintf(stderr, "Cannot initialize zend_mm storage [%s]\n", handlers->name);
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+		fflush(stderr);
+#endif
+		exit(255);
+	}
+	storage->handlers = handlers;
+
+	heap = malloc(sizeof(struct _zend_mm_heap_canary));
+
+	heap->storage = storage;
+	heap->block_size = block_size;
+	heap->compact_size = 0;
+	heap->segments_list = NULL;
+	zend_mm_init(heap);
+# if ZEND_MM_CACHE_STAT
+	memset(heap->cache_stat, 0, sizeof(heap->cache_stat));
+# endif
+
+	heap->use_zend_alloc = 1;
+	heap->real_size = 0;
+	heap->overflow = 0;
+	heap->real_peak = 0;
+	heap->limit = ZEND_MM_LONG_CONST(1)<<(ZEND_MM_NUM_BUCKETS-2);
+	heap->size = 0;
+	heap->peak = 0;
+	heap->internal = internal;
+	heap->reserve = NULL;
+	heap->reserve_size = reserve_size;
+	if (reserve_size > 0) {
+		heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+	}
+	if (internal) {
+		int i;
+		zend_mm_free_block_canary *p, *q, *orig;
+		zend_mm_heap_canary *mm_heap = _zend_mm_alloc((zend_mm_heap *)heap, sizeof(zend_mm_heap_canary)  ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+
+		*mm_heap = *heap;
+
+		p = ZEND_MM_SMALL_FREE_BUCKET(mm_heap, 0);
+		orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0);
+		for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
+			q = p;
+			while (SUHOSIN_MANGLE_PTR(q->prev_free_block) != orig) {
+				q = SUHOSIN_MANGLE_PTR(q->prev_free_block);
+			}
+			q->prev_free_block = SUHOSIN_MANGLE_PTR(p);
+			q = p;
+			while (SUHOSIN_MANGLE_PTR(q->next_free_block) != orig) {
+				q = SUHOSIN_MANGLE_PTR(q->next_free_block);
+			}
+			q->next_free_block = SUHOSIN_MANGLE_PTR(p);
+			p = (zend_mm_free_block_canary*)((char*)p + sizeof(zend_mm_free_block_canary*) * 2);
+			orig = (zend_mm_free_block_canary*)((char*)orig + sizeof(zend_mm_free_block_canary*) * 2);
+			if (mm_heap->large_free_buckets[i]) {
+				mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i];
+			}
+		}
+		mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap));
+
+		free(heap);
+		heap = mm_heap;
+	}
+	return heap;
+}
+
+zend_mm_heap_canary *__zend_mm_startup_canary(void)
+{
+	int i;
+	size_t seg_size;
+	char *mem_type = getenv("ZEND_MM_MEM_TYPE");
+	char *tmp;
+	const zend_mm_mem_handlers *handlers;
+	zend_mm_heap_canary *heap;
+
+	if (mem_type == NULL) {
+		i = 0;
+	} else {
+		for (i = 0; mem_handlers[i].name; i++) {
+			if (strcmp(mem_handlers[i].name, mem_type) == 0) {
+				break;
+			}
+		}
+		if (!mem_handlers[i].name) {
+			fprintf(stderr, "Wrong or unsupported zend_mm storage type '%s'\n", mem_type);
+			fprintf(stderr, "  supported types:\n");
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+			fflush(stderr);
+#endif
+			for (i = 0; mem_handlers[i].name; i++) {
+				fprintf(stderr, "    '%s'\n", mem_handlers[i].name);
+			}
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+			fflush(stderr);
+#endif
+			exit(255);
+		}
+	}
+	handlers = &mem_handlers[i];
+
+	tmp = getenv("ZEND_MM_SEG_SIZE");
+	if (tmp) {
+		seg_size = zend_atoi(tmp, 0);
+		if (zend_mm_low_bit(seg_size) != zend_mm_high_bit(seg_size)) {
+			fprintf(stderr, "ZEND_MM_SEG_SIZE must be a power of two\n");
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+			fflush(stderr);
+#endif
+			exit(255);
+		} else if (seg_size < ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE) {
+			fprintf(stderr, "ZEND_MM_SEG_SIZE is too small\n");
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+			fflush(stderr);
+#endif
+			exit(255);
+		}
+	} else {
+		seg_size = ZEND_MM_SEG_SIZE;
+	}
+
+	heap = __zend_mm_startup_canary_ex(handlers, seg_size, ZEND_MM_RESERVE_SIZE, 0, NULL);
+	if (heap) {
+		tmp = getenv("ZEND_MM_COMPACT");
+		if (tmp) {
+			heap->compact_size = zend_atoi(tmp, 0);
+		} else {
+			heap->compact_size = 2 * 1024 * 1024;
+		}
+	}
+	return heap;
+}
+
+#if ZEND_DEBUG
+static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block_canary *b)
+{
+	long leaks = 0;
+	zend_mm_block_canary *p, *q;
+
+	p = ZEND_MM_NEXT_BLOCK(b);
+	while (1) {
+		if (ZEND_MM_IS_GUARD_BLOCK(p)) {
+			ZEND_MM_CHECK_MAGIC(p, MEM_BLOCK_GUARD);
+			segment = segment->next_segment;
+			if (!segment) {
+				break;
+			}
+			p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE);
+			continue;
+		}
+		q = ZEND_MM_NEXT_BLOCK(p);
+		if (q <= p ||
+		    (char*)q > (char*)segment + segment->size ||
+		    p->info._size != q->info._prev) {
+		    zend_mm_panic("zend_mm_heap corrupted");
+		}
+		if (!ZEND_MM_IS_FREE_BLOCK(p)) {
+			if (p->magic == MEM_BLOCK_VALID) {
+				if (p->debug.filename==b->debug.filename && p->debug.lineno==b->debug.lineno) {
+					ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK);
+					leaks++;
+				}
+#if ZEND_MM_CACHE
+			} else if (p->magic == MEM_BLOCK_CACHED) {
+				/* skip it */
+#endif
+			} else if (p->magic != MEM_BLOCK_LEAK) {
+			    zend_mm_panic("zend_mm_heap corrupted");
+			}
+		}
+		p = q;
+	}
+	return leaks;
+}
+
+static void zend_mm_check_leaks(zend_mm_heap_canary *heap TSRMLS_DC)
+{
+	zend_mm_segment *segment = heap->segments_list;
+	zend_mm_block_canary *p, *q;
+	zend_uint total = 0;
+
+	if (!segment) {
+		return;
+	}
+	p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE);
+	while (1) {
+		q = ZEND_MM_NEXT_BLOCK(p);
+		if (q <= p ||
+		    (char*)q > (char*)segment + segment->size ||
+		    p->info._size != q->info._prev) {
+			zend_mm_panic("zend_mm_heap corrupted");
+		}
+		if (!ZEND_MM_IS_FREE_BLOCK(p)) {
+			if (p->magic == MEM_BLOCK_VALID) {
+				long repeated;
+				zend_leak_info leak;
+
+				ZEND_MM_SET_MAGIC(p, MEM_BLOCK_LEAK);
+
+				leak.addr = ZEND_MM_DATA_OF(p);
+				leak.size = p->debug.size;
+				leak.filename = p->debug.filename;
+				leak.lineno = p->debug.lineno;
+				leak.orig_filename = p->debug.orig_filename;
+				leak.orig_lineno = p->debug.orig_lineno;
+
+				zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC);
+				zend_message_dispatcher(ZMSG_MEMORY_LEAK_DETECTED, &leak TSRMLS_CC);
+				repeated = zend_mm_find_leaks(segment, p);
+				total += 1 + repeated;
+				if (repeated) {
+					zend_message_dispatcher(ZMSG_MEMORY_LEAK_REPEATED, (void *)(zend_uintptr_t)repeated TSRMLS_CC);
+				}
+#if ZEND_MM_CACHE
+			} else if (p->magic == MEM_BLOCK_CACHED) {
+				/* skip it */
+#endif
+			} else if (p->magic != MEM_BLOCK_LEAK) {
+				zend_mm_panic("zend_mm_heap corrupted");
+			}
+		}
+		if (ZEND_MM_IS_GUARD_BLOCK(q)) {
+			segment = segment->next_segment;
+			if (!segment) {
+				break;
+			}
+			q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE);
+		}
+		p = q;
+	}
+	if (total) {
+		zend_message_dispatcher(ZMSG_MEMORY_LEAKS_GRAND_TOTAL, &total TSRMLS_CC);
+	}
+}
+
+static int zend_mm_check_ptr(zend_mm_heap_canary *heap, void *ptr, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+	zend_mm_block_canary *p;
+	int no_cache_notice = 0;
+	int had_problems = 0;
+	int valid_beginning = 1;
+
+	if (silent==2) {
+		silent = 1;
+		no_cache_notice = 1;
+	} else if (silent==3) {
+		silent = 0;
+		no_cache_notice = 1;
+	}
+	if (!silent) {
+		TSRMLS_FETCH();
+		
+		zend_message_dispatcher(ZMSG_LOG_SCRIPT_NAME, NULL TSRMLS_CC);
+		zend_debug_alloc_output("---------------------------------------\n");
+		zend_debug_alloc_output("%s(%d) : Block "PTR_FMT" status:\n" ZEND_FILE_LINE_RELAY_CC, ptr);
+		if (__zend_orig_filename) {
+			zend_debug_alloc_output("%s(%d) : Actual location (location was relayed)\n" ZEND_FILE_LINE_ORIG_RELAY_CC);
+		}
+		if (!ptr) {
+			zend_debug_alloc_output("NULL\n");
+			zend_debug_alloc_output("---------------------------------------\n");
+			return 0;
+		}
+	}
+
+	if (!ptr) {
+		if (silent) {
+			return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+		}
+	}
+
+	p = ZEND_MM_HEADER_OF(ptr);
+
+#ifdef ZTS
+	if (ZEND_MM_BAD_THREAD_ID(p)) {
+		if (!silent) {
+			zend_debug_alloc_output("Invalid pointer: ((thread_id=0x%0.8X) != (expected=0x%0.8X))\n", (long)p->thread_id, (long)tsrm_thread_id());
+			had_problems = 1;
+		} else {
+			return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+		}
+	}
+#endif
+
+	if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
+		if (!silent) {
+			zend_debug_alloc_output("Invalid pointer: ((size="PTR_FMT") != (next.prev="PTR_FMT"))\n", p->info._size, ZEND_MM_NEXT_BLOCK(p)->info._prev);
+			had_problems = 1;
+		} else {
+			return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+		}
+	}
+	if (p->info._prev != ZEND_MM_GUARD_BLOCK &&
+	    ZEND_MM_PREV_BLOCK(p)->info._size != p->info._prev) {
+		if (!silent) {
+			zend_debug_alloc_output("Invalid pointer: ((prev="PTR_FMT") != (prev.size="PTR_FMT"))\n", p->info._prev, ZEND_MM_PREV_BLOCK(p)->info._size);
+			had_problems = 1;
+		} else {
+			return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+		}
+	}
+
+	if (had_problems) {
+		zend_debug_alloc_output("---------------------------------------\n");
+		return 0;
+	}
+
+	if (!silent) {
+		zend_debug_alloc_output("%10s\t","Beginning:  ");
+	}
+
+	if (!ZEND_MM_IS_USED_BLOCK(p)) {
+		if (!silent) {
+			if (p->magic != MEM_BLOCK_FREED) {
+				zend_debug_alloc_output("Freed (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED);
+			} else {
+				zend_debug_alloc_output("Freed\n");
+			}
+			had_problems = 1;
+		} else {
+			return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+		}
+	} else if (ZEND_MM_IS_GUARD_BLOCK(p)) {
+		if (!silent) {
+			if (p->magic != MEM_BLOCK_FREED) {
+				zend_debug_alloc_output("Guard (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_FREED);
+			} else {
+				zend_debug_alloc_output("Guard\n");
+			}
+			had_problems = 1;
+		} else {
+			return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+		}
+	} else {
+		switch (p->magic) {
+			case MEM_BLOCK_VALID:
+			case MEM_BLOCK_LEAK:
+				if (!silent) {
+					zend_debug_alloc_output("OK (allocated on %s:%d, %d bytes)\n", p->debug.filename, p->debug.lineno, (int)p->debug.size);
+				}
+				break; /* ok */
+			case MEM_BLOCK_CACHED:
+				if (!no_cache_notice) {
+					if (!silent) {
+						zend_debug_alloc_output("Cached\n");
+						had_problems = 1;
+					} else {
+						return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+					}
+				}
+			case MEM_BLOCK_FREED:
+				if (!silent) {
+					zend_debug_alloc_output("Freed (invalid)\n");
+					had_problems = 1;
+				} else {
+					return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+				}
+				break;
+			case MEM_BLOCK_GUARD:
+				if (!silent) {
+					zend_debug_alloc_output("Guard (invalid)\n");
+					had_problems = 1;
+				} else {
+					return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+				}
+				break;
+			default:
+				if (!silent) {
+					zend_debug_alloc_output("Unknown (magic=0x%0.8X, expected=0x%0.8X)\n", p->magic, MEM_BLOCK_VALID);
+					had_problems = 1;
+					valid_beginning = 0;
+				} else {
+					return zend_mm_check_ptr(heap, ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+				}
+				break;
+		}
+	}
+
+#if ZEND_MM_HEAP_PROTECTION
+	if (!valid_beginning) {
+		if (!silent) {
+			zend_debug_alloc_output("%10s\t", "Start:");
+			zend_debug_alloc_output("Unknown\n");
+			zend_debug_alloc_output("%10s\t", "End:");
+			zend_debug_alloc_output("Unknown\n");
+		}
+	} else {
+		char *end_magic = ZEND_MM_END_MAGIC_PTR(p);
+
+		if (p->debug.start_magic == _mem_block_start_magic) {
+			if (!silent) {
+				zend_debug_alloc_output("%10s\t", "Start:");
+				zend_debug_alloc_output("OK\n");
+			}
+		} else {
+			char *overflow_ptr, *magic_ptr=(char *) &_mem_block_start_magic;
+			int overflows=0;
+			int i;
+
+			if (silent) {
+				return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+			}
+			had_problems = 1;
+			overflow_ptr = (char *) &p->debug.start_magic;
+			i = END_MAGIC_SIZE;
+			while (--i >= 0) {
+				if (overflow_ptr[i]!=magic_ptr[i]) {
+					overflows++;
+				}
+			}
+			zend_debug_alloc_output("%10s\t", "Start:");
+			zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", p->debug.start_magic, _mem_block_start_magic);
+			zend_debug_alloc_output("%10s\t","");
+			if (overflows >= END_MAGIC_SIZE) {
+				zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE);
+			} else {
+				zend_debug_alloc_output("%d byte(s) overflown\n", overflows);
+			}
+		}
+		if (memcmp(end_magic, &_mem_block_end_magic, END_MAGIC_SIZE)==0) {
+			if (!silent) {
+				zend_debug_alloc_output("%10s\t", "End:");
+				zend_debug_alloc_output("OK\n");
+			}
+		} else {
+			char *overflow_ptr, *magic_ptr=(char *) &_mem_block_end_magic;
+			int overflows=0;
+			int i;
+
+			if (silent) {
+				return _mem_block_check(ptr, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+			}
+			had_problems = 1;
+			overflow_ptr = (char *) end_magic;
+
+			for (i=0; i < END_MAGIC_SIZE; i++) {
+				if (overflow_ptr[i]!=magic_ptr[i]) {
+					overflows++;
+				}
+			}
+
+			zend_debug_alloc_output("%10s\t", "End:");
+			zend_debug_alloc_output("Overflown (magic=0x%0.8X instead of 0x%0.8X)\n", *end_magic, _mem_block_end_magic);
+			zend_debug_alloc_output("%10s\t","");
+			if (overflows >= END_MAGIC_SIZE) {
+				zend_debug_alloc_output("At least %d bytes overflown\n", END_MAGIC_SIZE);
+			} else {
+				zend_debug_alloc_output("%d byte(s) overflown\n", overflows);
+			}
+		}
+	}
+#endif
+
+	if (!silent) {
+		zend_debug_alloc_output("---------------------------------------\n");
+	}
+	return ((!had_problems) ? 1 : 0);
+}
+
+static int zend_mm_check_heap(zend_mm_heap_canary *heap, int silent ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+	zend_mm_segment *segment = heap->segments_list;
+	zend_mm_block_canary *p, *q;
+	int errors = 0;
+
+	if (!segment) {
+		return 0;
+	}
+	p = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE);
+	while (1) {
+		q = ZEND_MM_NEXT_BLOCK(p);
+		if (q <= p ||
+		    (char*)q > (char*)segment + segment->size ||
+		    p->info._size != q->info._prev) {
+			zend_mm_panic("zend_mm_heap corrupted");
+		}
+		if (!ZEND_MM_IS_FREE_BLOCK(p)) {
+			if (p->magic == MEM_BLOCK_VALID || p->magic == MEM_BLOCK_LEAK) {
+				if (!zend_mm_check_ptr(heap, ZEND_MM_DATA_OF(p), (silent?2:3) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC)) {
+					errors++;
+				}
+#if ZEND_MM_CACHE
+			} else if (p->magic == MEM_BLOCK_CACHED) {
+				/* skip it */
+#endif
+			} else if (p->magic != MEM_BLOCK_LEAK) {
+				zend_mm_panic("zend_mm_heap corrupted");
+			}
+		}
+		if (ZEND_MM_IS_GUARD_BLOCK(q)) {
+			segment = segment->next_segment;
+			if (!segment) {
+				return errors;
+			}
+			q = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE);
+		}
+		p = q;
+	}
+}
+#endif
+
+void __zend_mm_shutdown_canary(zend_mm_heap_canary *heap, int full_shutdown, int silent TSRMLS_DC)
+{
+	zend_mm_storage *storage;
+	zend_mm_segment *segment;
+	zend_mm_segment *prev;
+	int internal;
+
+	if (heap->reserve) {
+#if ZEND_DEBUG
+		if (!silent) {
+			_zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+		}
+#endif
+		heap->reserve = NULL;
+	}
+
+#if ZEND_MM_CACHE_STAT
+	if (full_shutdown) {
+		FILE *f;
+
+		f = fopen("zend_mm.log", "w");
+		if (f) {
+			int i,j;
+			size_t size, true_size, min_size, max_size;
+			int hit = 0, miss = 0;
+
+			fprintf(f, "\nidx min_size max_size true_size  max_len     hits   misses\n");
+			size = 0;
+			while (1) {
+				true_size = ZEND_MM_TRUE_SIZE(size);
+				if (ZEND_MM_SMALL_SIZE(true_size)) {
+					min_size = size;
+					i = ZEND_MM_BUCKET_INDEX(true_size);
+					size++;
+					while (1) {
+						true_size = ZEND_MM_TRUE_SIZE(size);
+						if (ZEND_MM_SMALL_SIZE(true_size)) {
+							j = ZEND_MM_BUCKET_INDEX(true_size);
+							if (j > i) {
+								max_size = size-1;
+								break;
+							}
+						} else {
+							max_size = size-1;
+							break;
+						}
+						size++;
+					}
+					hit += heap->cache_stat[i].hit;
+					miss += heap->cache_stat[i].miss;
+					fprintf(f, "%2d %8d %8d %9d %8d %8d %8d\n", i, (int)min_size, (int)max_size, ZEND_MM_TRUE_SIZE(max_size), heap->cache_stat[i].max_count, heap->cache_stat[i].hit, heap->cache_stat[i].miss);
+				} else {
+					break;
+				}
+			}
+			fprintf(f, "                                        %8d %8d\n", hit, miss);
+			fprintf(f, "                                        %8d %8d\n", heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit, heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss);
+			fclose(f);
+		}
+	}
+#endif
+
+#if ZEND_DEBUG
+	if (!silent) {
+		zend_mm_check_leaks(heap TSRMLS_CC);
+	}
+#endif
+
+	internal = heap->internal;
+	storage = heap->storage;
+	segment = heap->segments_list;
+	while (segment) {
+		prev = segment;
+		segment = segment->next_segment;
+		ZEND_MM_STORAGE_FREE(prev);
+	}
+	if (full_shutdown) {
+		storage->handlers->dtor(storage);
+		if (!internal) {
+			free(heap);
+		}
+	} else {
+		if (heap->compact_size &&
+		    heap->real_peak > heap->compact_size) {
+			storage->handlers->compact(storage);
+		}
+		heap->segments_list = NULL;
+		zend_mm_init(heap);
+		heap->real_size = 0;
+		heap->real_peak = 0;
+		heap->size = 0;
+		heap->peak = 0;
+		if (heap->reserve_size) {
+			heap->reserve = _zend_mm_alloc((zend_mm_heap *)heap, heap->reserve_size  ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+		}
+		heap->overflow = 0;
+	}
+}
+
+static void zend_mm_safe_error(zend_mm_heap_canary *heap,
+	const char *format,
+	size_t limit,
+#if ZEND_DEBUG
+	const char *filename,
+	uint lineno,
+#endif
+	size_t size)
+{
+	if (heap->reserve) {
+		_zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+		heap->reserve = NULL;
+	}
+	if (heap->overflow == 0) {
+		char *error_filename;
+		uint error_lineno;
+		TSRMLS_FETCH();
+		if (zend_is_compiling(TSRMLS_C)) {
+			error_filename = zend_get_compiled_filename(TSRMLS_C);
+			error_lineno = zend_get_compiled_lineno(TSRMLS_C);
+		} else if (EG(in_execution)) {
+			error_filename = EG(active_op_array)?EG(active_op_array)->filename:NULL;
+			error_lineno = EG(opline_ptr)?(*EG(opline_ptr))->lineno:0;
+		} else {
+			error_filename = NULL;
+			error_lineno = 0;
+		}
+		if (!error_filename) {
+			error_filename = "Unknown";
+		}
+		heap->overflow = 1;
+		zend_try {
+			zend_error_noreturn(E_ERROR,
+				format,
+				limit,
+#if ZEND_DEBUG
+				filename,
+				lineno,
+#endif
+				size);
+		} zend_catch {
+			if (heap->overflow == 2) {
+				fprintf(stderr, "\nFatal error: ");
+				fprintf(stderr,
+					format,
+					limit,
+#if ZEND_DEBUG
+					filename,
+					lineno,
+#endif
+					size);
+				fprintf(stderr, " in %s on line %d\n", error_filename, error_lineno);
+			}
+/* See http://support.microsoft.com/kb/190351 */
+#ifdef PHP_WIN32
+			fflush(stderr);
+#endif
+		} zend_end_try();
+	} else {
+		heap->overflow = 2;
+	}
+	zend_bailout();
+}
+
+static zend_mm_free_block_canary *zend_mm_search_large_block(zend_mm_heap_canary *heap, size_t true_size)
+{
+	zend_mm_free_block_canary *best_fit;
+	size_t index = ZEND_MM_LARGE_BUCKET_INDEX(true_size);
+	size_t bitmap = heap->large_free_bitmap >> index;
+	zend_mm_free_block_canary *p;
+
+	if (bitmap == 0) {
+		return NULL;
+	}
+
+	if (UNEXPECTED((bitmap & 1) != 0)) {
+		/* Search for best "large" free block */
+		zend_mm_free_block_canary *rst = NULL;
+		size_t m;
+		size_t best_size = -1;
+
+		best_fit = NULL;
+		p = heap->large_free_buckets[index];
+		for (m = true_size << (ZEND_MM_NUM_BUCKETS - index); ; m <<= 1) {
+			if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) {
+				return SUHOSIN_MANGLE_PTR(p->next_free_block);
+			} else if (ZEND_MM_FREE_BLOCK_SIZE(p) >= true_size &&
+			           ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) {
+				best_size = ZEND_MM_FREE_BLOCK_SIZE(p);
+				best_fit = p;
+			}
+			if ((m & (ZEND_MM_LONG_CONST(1) << (ZEND_MM_NUM_BUCKETS-1))) == 0) {
+				if (p->child[1]) {
+					rst = p->child[1];
+				}
+				if (p->child[0]) {
+					p = p->child[0];
+				} else {
+					break;
+				}
+			} else if (p->child[1]) {
+				p = p->child[1];
+			} else {
+				break;
+			}
+		}
+
+		for (p = rst; p; p = p->child[p->child[0] != NULL]) {
+			if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) {
+				return SUHOSIN_MANGLE_PTR(p->next_free_block);
+			} else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size &&
+			           ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) {
+				best_size = ZEND_MM_FREE_BLOCK_SIZE(p);
+				best_fit = p;
+			}
+		}
+
+		if (best_fit) {
+			return SUHOSIN_MANGLE_PTR(best_fit->next_free_block);
+		}
+		bitmap = bitmap >> 1;
+		if (!bitmap) {
+			return NULL;
+		}
+		index++;
+	}
+
+	/* Search for smallest "large" free block */
+	best_fit = p = heap->large_free_buckets[index + zend_mm_low_bit(bitmap)];
+	while ((p = p->child[p->child[0] != NULL])) {
+		if (ZEND_MM_FREE_BLOCK_SIZE(p) < ZEND_MM_FREE_BLOCK_SIZE(best_fit)) {
+			best_fit = p;
+		}
+	}
+	return SUHOSIN_MANGLE_PTR(best_fit->next_free_block);
+}
+
+void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+	zend_mm_free_block_canary *best_fit;
+	size_t true_size = ZEND_MM_TRUE_SIZE(size);
+	size_t block_size;
+	size_t remaining_size;
+	size_t segment_size;
+	zend_mm_segment *segment;
+	int keep_rest = 0;
+	
+	if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) {
+		size_t index = ZEND_MM_BUCKET_INDEX(true_size);
+		size_t bitmap;
+
+		if (UNEXPECTED(true_size < size)) {
+			goto out_of_memory;
+		}
+#if ZEND_MM_CACHE
+		if (EXPECTED(heap->cache[index] != NULL)) {
+			/* Get block from cache */
+#if ZEND_MM_CACHE_STAT
+			heap->cache_stat[index].count--;
+			heap->cache_stat[index].hit++;
+#endif
+			best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]);
+			heap->cache[index] = best_fit->prev_free_block;
+			heap->cached -= true_size;
+#if SUHOSIN_PATCH
+                        SUHOSIN_MM_SET_CANARIES(best_fit);
+                        ((zend_mm_block_canary*)best_fit)->info.size = size;
+                        SUHOSIN_MM_SET_END_CANARY(best_fit);
+#endif			
+			ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
+			ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
+			return ZEND_MM_DATA_OF(best_fit);
+ 		}
+#if ZEND_MM_CACHE_STAT
+		heap->cache_stat[index].miss++;
+#endif
+#endif
+
+		bitmap = heap->free_bitmap >> index;
+		if (bitmap) {
+			/* Found some "small" free block that can be used */
+			index += zend_mm_low_bit(bitmap);
+			best_fit = SUHOSIN_MANGLE_PTR(heap->free_buckets[index*2]);
+#if ZEND_MM_CACHE_STAT
+			heap->cache_stat[ZEND_MM_NUM_BUCKETS].hit++;
+#endif
+			goto zend_mm_finished_searching_for_block;
+		}
+	}
+
+#if ZEND_MM_CACHE_STAT
+	heap->cache_stat[ZEND_MM_NUM_BUCKETS].miss++;
+#endif
+
+	best_fit = zend_mm_search_large_block(heap, true_size);
+
+	if (!best_fit && heap->real_size >= heap->limit - heap->block_size) {
+		zend_mm_free_block_canary *p = SUHOSIN_MANGLE_PTR(heap->rest_buckets[0]);
+		size_t best_size = -1;
+
+		while (p != ZEND_MM_REST_BUCKET(heap)) {
+			if (UNEXPECTED(ZEND_MM_FREE_BLOCK_SIZE(p) == true_size)) {
+				best_fit = p;
+				goto zend_mm_finished_searching_for_block;
+			} else if (ZEND_MM_FREE_BLOCK_SIZE(p) > true_size &&
+			           ZEND_MM_FREE_BLOCK_SIZE(p) < best_size) {
+				best_size = ZEND_MM_FREE_BLOCK_SIZE(p);
+				best_fit = p;
+			}
+			p = SUHOSIN_MANGLE_PTR(p->prev_free_block);
+		}
+	}
+
+	if (!best_fit) {
+		if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) {
+			/* Make sure we add a memory block which is big enough,
+			   segment must have header "size" and trailer "guard" block */
+			segment_size = true_size + ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE;
+			segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1);
+			keep_rest = 1;
+		} else {
+			segment_size = heap->block_size;
+		}
+
+		HANDLE_BLOCK_INTERRUPTIONS();
+
+		if (segment_size < true_size ||
+		    heap->real_size + segment_size > heap->limit) {
+			/* Memory limit overflow */
+#if ZEND_MM_CACHE
+			zend_mm_free_cache(heap);
+#endif
+			HANDLE_UNBLOCK_INTERRUPTIONS();
+#if ZEND_DEBUG
+			zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %lu bytes)", heap->limit, __zend_filename, __zend_lineno, size);
+#else
+			zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %lu bytes)", heap->limit, size);
+#endif
+		}
+
+		segment = (zend_mm_segment *) ZEND_MM_STORAGE_ALLOC(segment_size);
+
+		if (!segment) {
+			/* Storage manager cannot allocate memory */
+#if ZEND_MM_CACHE
+			zend_mm_free_cache(heap);
+#endif
+			HANDLE_UNBLOCK_INTERRUPTIONS();
+out_of_memory:
+#if ZEND_DEBUG
+			zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %lu bytes)", heap->real_size, __zend_filename, __zend_lineno, size);
+#else
+			zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %lu bytes)", heap->real_size, size);
+#endif
+			return NULL;
+		}
+
+		heap->real_size += segment_size;
+		if (heap->real_size > heap->real_peak) {
+			heap->real_peak = heap->real_size;
+		}
+
+		segment->size = segment_size;
+		segment->next_segment = heap->segments_list;
+		heap->segments_list = segment;
+
+		best_fit = (zend_mm_free_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE);
+		ZEND_MM_MARK_FIRST_BLOCK(best_fit);
+
+		block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE;
+
+		ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(best_fit, block_size));
+
+	} else {
+zend_mm_finished_searching_for_block:
+		/* remove from free list */
+		HANDLE_BLOCK_INTERRUPTIONS();
+		ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_FREED);
+		ZEND_MM_CHECK_COOKIE(best_fit);
+		ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
+		zend_mm_remove_from_free_list(heap, best_fit);
+
+		block_size = ZEND_MM_FREE_BLOCK_SIZE(best_fit);
+	}
+
+	remaining_size = block_size - true_size;
+
+	if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) {
+		true_size = block_size;
+		ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size);
+	} else {
+		zend_mm_free_block_canary *new_free_block;
+
+		/* prepare new free block */
+		ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size);
+		new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(best_fit, true_size);
+		ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size);
+
+		/* add the new free block to the free list */
+		if (EXPECTED(!keep_rest)) {
+			zend_mm_add_to_free_list(heap, new_free_block);
+		} else {
+			zend_mm_add_to_rest_list(heap, new_free_block);
+		}
+	}
+
+	ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1);
+
+#if SUHOSIN_PATCH
+        SUHOSIN_MM_SET_CANARIES(best_fit);
+        ((zend_mm_block_canary*)best_fit)->info.size = size;
+        SUHOSIN_MM_SET_END_CANARY(best_fit);
+#endif
+        
+	heap->size += true_size;
+	if (heap->peak < heap->size) {
+		heap->peak = heap->size;
+	}
+
+	HANDLE_UNBLOCK_INTERRUPTIONS();
+	return ZEND_MM_DATA_OF(best_fit);
+}
+
+
+void _zend_mm_free_canary_int(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+	zend_mm_block_canary *mm_block;
+	zend_mm_block_canary *next_block;
+	size_t size;
+
+	if (!ZEND_MM_VALID_PTR(p)) {
+		return;
+	}
+
+	mm_block = ZEND_MM_HEADER_OF(p);
+	size = ZEND_MM_BLOCK_SIZE(mm_block);
+#if SUHOSIN_PATCH
+        SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");
+#endif    
+	ZEND_MM_CHECK_PROTECTION(mm_block);
+
+#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+	memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->debug.size);
+#endif
+#if SUHOSIN_PATCH
+        if (UNEXPECTED(SUHOSIN_CONFIG(SUHOSIN_MM_DESTROY_FREE_MEMORY))) {
+                memset(ZEND_MM_DATA_OF(mm_block), 0x5a, mm_block->info.size);
+        }
+#endif
+#if ZEND_MM_CACHE
+	if (EXPECTED(ZEND_MM_SMALL_SIZE(size)) && EXPECTED(heap->cached < ZEND_MM_CACHE_SIZE)) {
+		size_t index = ZEND_MM_BUCKET_INDEX(size);
+		zend_mm_free_block_canary **cache = &heap->cache[index];
+
+		((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache;
+		*cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block);
+		heap->cached += size;
+		ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED);
+#if ZEND_MM_CACHE_STAT
+		if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) {
+			heap->cache_stat[index].max_count = heap->cache_stat[index].count;
+		}
+#endif
+		return;
+	}
+#endif
+
+	HANDLE_BLOCK_INTERRUPTIONS();
+
+	heap->size -= size;
+
+	next_block = ZEND_MM_BLOCK_AT(mm_block, size);
+	if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
+		zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block);
+		size += ZEND_MM_FREE_BLOCK_SIZE(next_block);
+	}
+	if (ZEND_MM_PREV_BLOCK_IS_FREE(mm_block)) {
+		mm_block = ZEND_MM_PREV_BLOCK(mm_block);
+		zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) mm_block);
+		size += ZEND_MM_FREE_BLOCK_SIZE(mm_block);
+	}
+	if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
+	    ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(mm_block, size))) {
+		zend_mm_del_segment(heap, (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE));
+	} else {
+		ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size);
+		zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) mm_block);
+	}
+	HANDLE_UNBLOCK_INTERRUPTIONS();
+}
+
+void *_zend_mm_realloc_canary_int(zend_mm_heap_canary *heap, void *p, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+	zend_mm_block_canary *mm_block = ZEND_MM_HEADER_OF(p);
+	zend_mm_block_canary *next_block;
+	size_t true_size;
+	size_t orig_size;
+	void *ptr;
+
+	if (UNEXPECTED(!p) || !ZEND_MM_VALID_PTR(p)) {
+		return _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	}
+	mm_block = ZEND_MM_HEADER_OF(p);
+	true_size = ZEND_MM_TRUE_SIZE(size);
+	orig_size = ZEND_MM_BLOCK_SIZE(mm_block);
+#if SUHOSIN_PATCH
+        SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()");
+#endif	
+	ZEND_MM_CHECK_PROTECTION(mm_block);
+
+	if (UNEXPECTED(true_size < size)) {
+		goto out_of_memory;
+	}
+
+	if (true_size <= orig_size) {
+		size_t remaining_size = orig_size - true_size;
+
+		if (remaining_size >= ZEND_MM_ALIGNED_MIN_HEADER_SIZE) {
+			zend_mm_free_block_canary *new_free_block;
+
+			HANDLE_BLOCK_INTERRUPTIONS();
+			next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size);
+			if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
+				remaining_size += ZEND_MM_FREE_BLOCK_SIZE(next_block);
+				zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block);
+			}
+
+			/* prepare new free block */
+			ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size);
+			new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size);
+
+			ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size);
+
+			/* add the new free block to the free list */
+			zend_mm_add_to_free_list(heap, new_free_block);
+			heap->size += (true_size - orig_size);
+			HANDLE_UNBLOCK_INTERRUPTIONS();
+		}
+		ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0);
+#if SUHOSIN_PATCH
+                SUHOSIN_MM_SET_CANARIES(mm_block);
+                ((zend_mm_block_canary*)mm_block)->info.size = size;
+                SUHOSIN_MM_SET_END_CANARY(mm_block);
+#endif
+		return p;
+	}
+
+#if ZEND_MM_CACHE
+	if (ZEND_MM_SMALL_SIZE(true_size)) {
+		size_t index = ZEND_MM_BUCKET_INDEX(true_size);
+		
+		if (heap->cache[index] != NULL) {
+			zend_mm_free_block_canary *best_fit;
+			zend_mm_free_block_canary **cache;
+
+#if ZEND_MM_CACHE_STAT
+			heap->cache_stat[index].count--;
+			heap->cache_stat[index].hit++;
+#endif
+			best_fit = SUHOSIN_MANGLE_PTR(heap->cache[index]);
+			heap->cache[index] = best_fit->prev_free_block;
+			ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
+			ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);                        	
+#if SUHOSIN_PATCH
+                        SUHOSIN_MM_SET_CANARIES(best_fit);
+                        ((zend_mm_block_canary*)best_fit)->info.size = size;
+                        SUHOSIN_MM_SET_END_CANARY(best_fit);
+#endif
+
+			ptr = ZEND_MM_DATA_OF(best_fit);
+
+#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+			memcpy(ptr, p, mm_block->debug.size);
+#else
+			memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
+#endif
+
+			heap->cached -= true_size - orig_size;
+
+			index = ZEND_MM_BUCKET_INDEX(orig_size);
+			cache = &heap->cache[index];
+
+			((zend_mm_free_block_canary*)mm_block)->prev_free_block = *cache;
+			*cache = (zend_mm_free_block_canary*)SUHOSIN_MANGLE_PTR(mm_block);
+			ZEND_MM_SET_MAGIC(mm_block, MEM_BLOCK_CACHED);
+#if ZEND_MM_CACHE_STAT
+			if (++heap->cache_stat[index].count > heap->cache_stat[index].max_count) {
+				heap->cache_stat[index].max_count = heap->cache_stat[index].count;
+			}
+#endif
+			return ptr;
+		}
+	}
+#endif
+
+	next_block = ZEND_MM_BLOCK_AT(mm_block, orig_size);
+
+	if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
+		ZEND_MM_CHECK_COOKIE(next_block);
+		ZEND_MM_CHECK_BLOCK_LINKAGE(next_block);
+		if (orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block) >= true_size) {
+			size_t block_size = orig_size + ZEND_MM_FREE_BLOCK_SIZE(next_block);
+			size_t remaining_size = block_size - true_size;
+
+			HANDLE_BLOCK_INTERRUPTIONS();
+			zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block);
+
+			if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) {
+				true_size = block_size;
+				ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size);
+			} else {
+				zend_mm_free_block_canary *new_free_block;
+
+				/* prepare new free block */
+				ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size);
+				new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size);
+				ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size);
+
+				/* add the new free block to the free list */
+				if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
+				    ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(new_free_block, remaining_size))) {
+					zend_mm_add_to_rest_list(heap, new_free_block);
+				} else {
+					zend_mm_add_to_free_list(heap, new_free_block);
+				}
+			}
+			ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0);
+			heap->size = heap->size + true_size - orig_size;
+			if (heap->peak < heap->size) {
+				heap->peak = heap->size;
+			}
+			HANDLE_UNBLOCK_INTERRUPTIONS();
+#if SUHOSIN_PATCH
+                        SUHOSIN_MM_SET_CANARIES(mm_block);
+                        ((zend_mm_block_canary*)mm_block)->info.size = size;
+                        SUHOSIN_MM_SET_END_CANARY(mm_block);
+#endif
+			return p;
+		} else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
+				   ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(next_block, ZEND_MM_FREE_BLOCK_SIZE(next_block)))) {
+			HANDLE_BLOCK_INTERRUPTIONS();
+			zend_mm_remove_from_free_list(heap, (zend_mm_free_block_canary *) next_block);
+			goto realloc_segment;
+		}
+	} else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && ZEND_MM_IS_GUARD_BLOCK(next_block)) {
+		zend_mm_segment *segment;
+		zend_mm_segment *segment_copy;
+		size_t segment_size;
+		size_t block_size;
+		size_t remaining_size;
+
+		HANDLE_BLOCK_INTERRUPTIONS();
+realloc_segment:
+		/* segment size, size of block and size of guard block */
+		if (true_size > heap->block_size - (ZEND_MM_ALIGNED_SEGMENT_SIZE + ZEND_MM_ALIGNED_HEADER_SIZE)) {
+			segment_size = true_size+ZEND_MM_ALIGNED_SEGMENT_SIZE+ZEND_MM_ALIGNED_HEADER_SIZE;
+			segment_size = (segment_size + (heap->block_size-1)) & ~(heap->block_size-1);
+		} else {
+			segment_size = heap->block_size;
+		}
+
+		segment_copy = (zend_mm_segment *) ((char *)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE);
+		if (segment_size < true_size ||
+		    heap->real_size + segment_size - segment_copy->size > heap->limit) {
+			if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
+				zend_mm_add_to_free_list(heap, (zend_mm_free_block_canary *) next_block);
+			}
+#if ZEND_MM_CACHE
+			zend_mm_free_cache(heap);
+#endif
+			HANDLE_UNBLOCK_INTERRUPTIONS();
+#if ZEND_DEBUG
+			zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted at %s:%d (tried to allocate %ld bytes)", heap->limit, __zend_filename, __zend_lineno, size);
+#else
+			zend_mm_safe_error(heap, "Allowed memory size of %ld bytes exhausted (tried to allocate %ld bytes)", heap->limit, size);
+#endif
+			return NULL;
+		}
+
+		segment = ZEND_MM_STORAGE_REALLOC(segment_copy, segment_size);
+		if (!segment) {
+#if ZEND_MM_CACHE
+			zend_mm_free_cache(heap);
+#endif
+			HANDLE_UNBLOCK_INTERRUPTIONS();
+out_of_memory:
+#if ZEND_DEBUG
+			zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %ld bytes)", heap->real_size, __zend_filename, __zend_lineno, size);
+#else
+			zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %ld bytes)", heap->real_size, size);
+#endif
+			return NULL;
+		}
+		heap->real_size += segment_size - segment->size;
+		if (heap->real_size > heap->real_peak) {
+			heap->real_peak = heap->real_size;
+		}
+
+		segment->size = segment_size;
+
+		if (segment != segment_copy) {
+			zend_mm_segment **seg = &heap->segments_list;
+			while (*seg != segment_copy) {
+				seg = &(*seg)->next_segment;
+			}
+			*seg = segment;
+			mm_block = (zend_mm_block_canary *) ((char *) segment + ZEND_MM_ALIGNED_SEGMENT_SIZE);
+			ZEND_MM_MARK_FIRST_BLOCK(mm_block);
+		}
+
+		block_size = segment_size - ZEND_MM_ALIGNED_SEGMENT_SIZE - ZEND_MM_ALIGNED_HEADER_SIZE;
+		remaining_size = block_size - true_size;
+
+		/* setup guard block */
+		ZEND_MM_LAST_BLOCK(ZEND_MM_BLOCK_AT(mm_block, block_size));
+
+		if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) {
+			true_size = block_size;
+			ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size);
+		} else {
+			zend_mm_free_block_canary *new_free_block;
+
+			/* prepare new free block */
+			ZEND_MM_BLOCK(mm_block, ZEND_MM_USED_BLOCK, true_size);
+			new_free_block = (zend_mm_free_block_canary *) ZEND_MM_BLOCK_AT(mm_block, true_size);
+			ZEND_MM_BLOCK(new_free_block, ZEND_MM_FREE_BLOCK, remaining_size);
+
+			/* add the new free block to the free list */
+			zend_mm_add_to_rest_list(heap, new_free_block);
+		}
+
+		ZEND_MM_SET_DEBUG_INFO(mm_block, size, 1, 1);
+
+		heap->size = heap->size + true_size - orig_size;
+		if (heap->peak < heap->size) {
+			heap->peak = heap->size;
+		}
+
+		HANDLE_UNBLOCK_INTERRUPTIONS();
+#if SUHOSIN_PATCH
+                SUHOSIN_MM_SET_CANARIES(mm_block);
+                ((zend_mm_block_canary*)mm_block)->info.size = size;
+                SUHOSIN_MM_SET_END_CANARY(mm_block);
+#endif
+		return ZEND_MM_DATA_OF(mm_block);
+	}
+
+	ptr = _zend_mm_alloc_canary_int(heap, size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+	memcpy(ptr, p, mm_block->debug.size);
+#else
+	memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
+#endif
+	_zend_mm_free_canary_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	return ptr;
+}
+
+ZEND_API size_t _zend_mm_block_size_canary(zend_mm_heap_canary *heap, void *p ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+	zend_mm_block_canary *mm_block;
+
+	if (!ZEND_MM_VALID_PTR(p)) {
+		return 0;
+	}
+	mm_block = ZEND_MM_HEADER_OF(p);
+	ZEND_MM_CHECK_PROTECTION(mm_block);
+#if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+	return mm_block->debug.size;
+#else
+	return ZEND_MM_BLOCK_SIZE(mm_block);
+#endif
+}
+
+#if defined(__GNUC__) && defined(i386)
+
+static inline size_t safe_address(size_t nmemb, size_t size, size_t offset)
+{
+	size_t res = nmemb;
+	unsigned long overflow = 0;
+
+	__asm__ ("mull %3\n\taddl %4,%0\n\tadcl %1,%1"
+	     : "=&a"(res), "=&d" (overflow)
+	     : "%0"(res),
+	       "rm"(size),
+	       "rm"(offset));
+	
+	if (UNEXPECTED(overflow)) {
+		zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset);
+		return 0;
+	}
+	return res;
+}
+
+#elif defined(__GNUC__) && defined(__x86_64__)
+
+static inline size_t safe_address(size_t nmemb, size_t size, size_t offset)
+{
+        size_t res = nmemb;
+        unsigned long overflow = 0;
+
+        __asm__ ("mulq %3\n\taddq %4,%0\n\tadcq %1,%1"
+             : "=&a"(res), "=&d" (overflow)
+             : "%0"(res),
+               "rm"(size),
+               "rm"(offset));
+
+        if (UNEXPECTED(overflow)) {
+                zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset);
+                return 0;
+        }
+        return res;
+}
+
+#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64)
+
+static inline size_t safe_address(size_t nmemb, size_t size, size_t offset)
+{
+	zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset;
+
+	if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) {
+		zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset);
+		return 0;
+	}
+	return (size_t) res;
+}
+
+#else
+
+static inline size_t safe_address(size_t nmemb, size_t size, size_t offset)
+{
+	size_t res = nmemb * size + offset;
+	double _d  = (double)nmemb * (double)size + (double)offset;
+	double _delta = (double)res - _d;
+
+	if (UNEXPECTED((_d + _delta ) != _d)) {
+		zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset);
+		return 0;
+	}
+	return res;
+}
+#endif
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * indent-tabs-mode: t
+ * End:
+ */
+
diff -Naurp php-5.3.6RC1/Zend/zend_alloc.h php-5.3.6RC1.oden/Zend/zend_alloc.h
--- php-5.3.6RC1/Zend/zend_alloc.h	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_alloc.h	2011-02-20 11:50:19.320838976 +0100
@@ -203,6 +203,8 @@ END_EXTERN_C()
 
 /* Heap functions */
 typedef struct _zend_mm_heap zend_mm_heap;
+typedef struct _zend_mm_heap_canary zend_mm_heap_canary;
+
 
 ZEND_API zend_mm_heap *zend_mm_startup(void);
 ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC);
diff -Naurp php-5.3.6RC1/Zend/zend.c php-5.3.6RC1.oden/Zend/zend.c
--- php-5.3.6RC1/Zend/zend.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend.c	2011-02-20 11:50:19.321839116 +0100
@@ -60,6 +60,10 @@ int (*zend_vspprintf)(char **pbuf, size_
 ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
 ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC);
 
+#if SUHOSIN_PATCH
+ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
+#endif
+
 void (*zend_on_timeout)(int seconds TSRMLS_DC);
 
 static void (*zend_message_dispatcher_p)(long message, void *data TSRMLS_DC);
@@ -88,6 +92,74 @@ static ZEND_INI_MH(OnUpdateGCEnabled) /*
 }
 /* }}} */
 
+#if SUHOSIN_PATCH
+static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
+{
+	if (!new_value) {
+		SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY;
+	} else {
+		SPG(log_syslog) = atoi(new_value) | S_MEMORY;
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
+{
+	if (!new_value) {
+		SPG(log_syslog_facility) = LOG_USER;
+	} else {
+		SPG(log_syslog_facility) = atoi(new_value);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
+{
+	if (!new_value) {
+		SPG(log_syslog_priority) = LOG_ALERT;
+	} else {
+		SPG(log_syslog_priority) = atoi(new_value);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
+{
+	if (!new_value) {
+		SPG(log_sapi) = S_ALL & ~S_SQL;
+	} else {
+		SPG(log_sapi) = atoi(new_value);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateSuhosin_log_script)
+{
+	if (!new_value) {
+		SPG(log_script) = S_ALL & ~S_MEMORY;
+	} else {
+		SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
+{
+	if (SPG(log_scriptname)) {
+		pefree(SPG(log_scriptname),1);
+	}
+        SPG(log_scriptname) = NULL;
+	if (new_value) {
+		SPG(log_scriptname) = pestrdup(new_value,1);
+	}
+	return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
+{
+	if (!new_value) {
+		SPG(log_phpscript) = S_ALL & ~S_MEMORY;
+	} else {
+		SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
+	}
+	return SUCCESS;
+}
+#endif
+
 ZEND_INI_BEGIN()
 	ZEND_INI_ENTRY("error_reporting",				NULL,		ZEND_INI_ALL,		OnUpdateErrorReporting)
 	STD_ZEND_INI_BOOLEAN("zend.enable_gc",				"1",	ZEND_INI_ALL,		OnUpdateGCEnabled,      gc_enabled,     zend_gc_globals,        gc_globals)
diff -Naurp php-5.3.6RC1/Zend/zend_canary.c php-5.3.6RC1.oden/Zend/zend_canary.c
--- php-5.3.6RC1/Zend/zend_canary.c	1970-01-01 01:00:00.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_canary.c	2011-02-20 11:50:19.322839257 +0100
@@ -0,0 +1,66 @@
+/*
+   +----------------------------------------------------------------------+
+   | Suhosin-Patch for PHP                                                |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2009 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <stefan.esser@sektioneins.de>                   |
+   +----------------------------------------------------------------------+
+ */
+/* $Id$ */
+
+#include "zend.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+#if SUHOSIN_PATCH
+
+static size_t last_canary = 0x73625123;
+
+/* will be replaced later with more compatible method */
+ZEND_API void zend_canary(void *buf, int len)
+{
+	time_t t;
+	size_t canary;
+	int fd;
+	
+#ifndef PHP_WIN32
+	fd = open("/dev/urandom", 0);
+	if (fd != -1) {
+		int r = read(fd, buf, len);
+		close(fd);
+		if (r == len) {
+			return;
+		}
+	}
+#endif	
+	/* not good but we never want to do this */
+	time(&t);
+	canary = *(unsigned int *)&t + getpid() << 16 + last_canary;
+	last_canary ^= (canary << 5) | (canary >> (32-5));
+	/* When we ensure full win32 compatibility in next version
+	   we will replace this with the random number code from zend_alloc.c */
+        memcpy(buf, &canary, len);
+}
+
+#endif
+
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: sw=4 ts=4 fdm=marker
+ * vim<600: sw=4 ts=4
+ */
diff -Naurp php-5.3.6RC1/Zend/zend_compile.c php-5.3.6RC1.oden/Zend/zend_compile.c
--- php-5.3.6RC1/Zend/zend_compile.c	2011-01-19 18:17:52.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_compile.c	2011-02-20 11:50:19.323839398 +0100
@@ -73,6 +73,11 @@ static void zend_destroy_property_info_i
 }
 /* }}} */
 
+#if SUHOSIN_PATCH
+void *suhosin_zend_destroy_property_info_internal = zend_destroy_property_info_internal;
+void *suhosin_zend_destroy_property_info = zend_destroy_property_info;
+#endif
+
 static void build_runtime_defined_function_key(zval *result, const char *name, int name_length TSRMLS_DC) /* {{{ */
 {
 	char char_pos_buf[32];
diff -Naurp php-5.3.6RC1/Zend/zend_compile.h php-5.3.6RC1.oden/Zend/zend_compile.h
--- php-5.3.6RC1/Zend/zend_compile.h	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_compile.h	2011-02-20 11:50:19.324839539 +0100
@@ -606,6 +606,11 @@ ZEND_API zend_bool zend_is_auto_global(c
 ZEND_API int zend_auto_global_disable_jit(const char *varname, zend_uint varname_length TSRMLS_DC);
 ZEND_API size_t zend_dirname(char *path, size_t len);
 
+#if SUHOSIN_PATCH
+extern void *suhosin_zend_destroy_property_info_internal;
+extern void *suhosin_zend_destroy_property_info;
+#endif
+
 int zendlex(znode *zendlval TSRMLS_DC);
 
 /* BEGIN: OPCODES */
diff -Naurp php-5.3.6RC1/Zend/zend_constants.c php-5.3.6RC1.oden/Zend/zend_constants.c
--- php-5.3.6RC1/Zend/zend_constants.c	2011-01-16 21:39:22.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_constants.c	2011-02-20 11:52:28.887065479 +0100
@@ -115,6 +115,77 @@ void zend_register_standard_constants(TS
 
 	REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_PROVIDE_OBJECT", DEBUG_BACKTRACE_PROVIDE_OBJECT, CONST_PERSISTENT | CONST_CS);
 	REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_IGNORE_ARGS", DEBUG_BACKTRACE_IGNORE_ARGS, CONST_PERSISTENT | CONST_CS);
+
+#if SUHOSIN_PATCH
+	REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
+	REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
+
+	/* error levels */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT); 
+	REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT);
+	/* facility: type of program logging the message */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT);
+#ifdef LOG_NEWS
+	/* No LOG_NEWS on HP-UX */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */
+#endif
+#ifdef LOG_UUCP
+	/* No LOG_UUCP on HP-UX */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_CRON
+	/* apparently some systems don't have this one */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_AUTHPRIV
+	/* AIX doesn't have LOG_AUTHPRIV */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifndef PHP_WIN32
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT);
+#endif
+	/* options */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT);
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT);
+#ifdef LOG_NOWAIT
+	REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_PERROR
+	/* AIX doesn't have LOG_PERROR */
+	REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
+#endif
+#endif
+
 	/* true/false constants */
 	{
 		zend_constant c;
diff -Naurp php-5.3.6RC1/Zend/zend_errors.h php-5.3.6RC1.oden/Zend/zend_errors.h
--- php-5.3.6RC1/Zend/zend_errors.h	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_errors.h	2011-02-20 11:50:19.326839821 +0100
@@ -41,6 +41,20 @@
 #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR | E_DEPRECATED | E_USER_DEPRECATED)
 #define E_CORE (E_CORE_ERROR | E_CORE_WARNING)
 
+#if SUHOSIN_PATCH
+#define S_MEMORY			(1<<0L)
+#define S_MISC				(1<<1L)
+#define S_VARS				(1<<2L)
+#define S_FILES				(1<<3L)
+#define S_INCLUDE			(1<<4L)
+#define S_SQL				(1<<5L)
+#define S_EXECUTOR			(1<<6L)
+#define S_MAIL				(1<<7L)
+#define S_SESSION			(1<<8L)
+#define S_INTERNAL			(1<<29L)
+#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_SESSION | S_MISC | S_SQL | S_EXECUTOR)
+#endif
+
 #endif /* ZEND_ERRORS_H */
 
 /*
diff -Naurp php-5.3.6RC1/Zend/zend.h php-5.3.6RC1.oden/Zend/zend.h
--- php-5.3.6RC1/Zend/zend.h	2011-02-20 11:45:04.146488357 +0100
+++ php-5.3.6RC1.oden/Zend/zend.h	2011-02-20 11:50:19.327839962 +0100
@@ -627,6 +627,9 @@ extern ZEND_API int (*zend_stream_open_f
 extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap);
 extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
 extern ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC);
+#if SUHOSIN_PATCH
+extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
+#endif
 
 ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3);
 
@@ -774,6 +777,16 @@ ZEND_API void zend_restore_error_handlin
 #define DEBUG_BACKTRACE_PROVIDE_OBJECT (1<<0)
 #define DEBUG_BACKTRACE_IGNORE_ARGS    (1<<1)
 
+#if SUHOSIN_PATCH
+#include "suhosin_globals.h"
+#include "suhosin_patch.h"
+#include "php_syslog.h"
+
+ZEND_API void zend_canary(void *buf, int len);
+ZEND_API char suhosin_get_config(int element);
+
+#endif
+
 #endif /* ZEND_H */
 
 /*
diff -Naurp php-5.3.6RC1/Zend/zend_hash.c php-5.3.6RC1.oden/Zend/zend_hash.c
--- php-5.3.6RC1/Zend/zend_hash.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_hash.c	2011-02-20 11:50:19.328840102 +0100
@@ -20,6 +20,7 @@
 /* $Id$ */
 
 #include "zend.h"
+#include "zend_compile.h"
 
 #define CONNECT_TO_BUCKET_DLLIST(element, list_head)		\
 	(element)->pNext = (list_head);							\
@@ -136,6 +137,199 @@ ZEND_API ulong zend_hash_func(const char
 	}
 
 
+#if SUHOSIN_PATCH
+#ifdef ZTS
+static MUTEX_T zend_hash_dprot_mx_reader;
+static MUTEX_T zend_hash_dprot_mx_writer;
+static unsigned int zend_hash_dprot_reader;
+#endif
+static unsigned int zend_hash_dprot_counter;
+static unsigned int zend_hash_dprot_curmax;
+static dtor_func_t *zend_hash_dprot_table = NULL;
+
+static void zend_hash_dprot_begin_read()
+{
+#ifdef ZTS
+	tsrm_mutex_lock(zend_hash_dprot_mx_reader);
+	if ((++(zend_hash_dprot_reader)) == 1) {
+		tsrm_mutex_lock(zend_hash_dprot_mx_writer);
+	}
+	tsrm_mutex_unlock(zend_hash_dprot_mx_reader);
+#endif
+}
+
+static void zend_hash_dprot_end_read()
+{
+#ifdef ZTS
+	tsrm_mutex_lock(zend_hash_dprot_mx_reader);
+	if ((--(zend_hash_dprot_reader)) == 0) {
+		tsrm_mutex_unlock(zend_hash_dprot_mx_writer);
+	}
+	tsrm_mutex_unlock(zend_hash_dprot_mx_reader);
+#endif
+}
+
+static void zend_hash_dprot_begin_write()
+{
+#ifdef ZTS
+	tsrm_mutex_lock(zend_hash_dprot_mx_writer);
+#endif
+}
+
+static void zend_hash_dprot_end_write()
+{
+#ifdef ZTS
+	tsrm_mutex_unlock(zend_hash_dprot_mx_writer);
+#endif
+}
+
+/*ZEND_API void zend_hash_dprot_dtor()
+{
+#ifdef ZTS
+	tsrm_mutex_free(zend_hash_dprot_mx_reader);
+	tsrm_mutex_free(zend_hash_dprot_mx_writer);
+#endif	
+	free(zend_hash_dprot_table);
+}*/
+
+static void zend_hash_add_destructor(dtor_func_t pDestructor)
+{
+	int left, right, mid;
+	zend_bool found = 0;
+	unsigned long value;
+	
+	if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR
+	    || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) {
+		return;
+	}
+	
+	if (zend_hash_dprot_table == NULL) {
+#ifdef ZTS
+		zend_hash_dprot_mx_reader = tsrm_mutex_alloc();
+		zend_hash_dprot_mx_writer = tsrm_mutex_alloc();
+		zend_hash_dprot_reader = 0;
+#endif	
+		zend_hash_dprot_counter = 0;
+		zend_hash_dprot_curmax = 256;
+		zend_hash_dprot_table = (dtor_func_t *) malloc(256 * sizeof(dtor_func_t));
+	}
+	
+	zend_hash_dprot_begin_write();
+
+	if (zend_hash_dprot_counter == 0) {
+		zend_hash_dprot_counter++;
+		zend_hash_dprot_table[0] = pDestructor;
+	} else {
+		value = (unsigned long) pDestructor;
+		left = 0;
+		right = zend_hash_dprot_counter-1;
+		mid = 0;
+		
+		while (left < right) {
+			mid = (right - left) >> 1;
+			mid += left;
+			if ((unsigned long)zend_hash_dprot_table[mid] == value) {
+				found = 1;
+				break;
+			}
+			if (value < (unsigned long)zend_hash_dprot_table[mid]) {
+				right = mid-1;
+			} else {
+				left = mid+1;
+			}
+		}
+		if ((unsigned long)zend_hash_dprot_table[left] == value) {
+			found = 1;
+		}
+		
+		if (!found) {
+		
+			if (zend_hash_dprot_counter >= zend_hash_dprot_curmax) {
+				zend_hash_dprot_curmax += 256;
+				zend_hash_dprot_table = (dtor_func_t *) realloc(zend_hash_dprot_table, zend_hash_dprot_curmax * sizeof(dtor_func_t));
+			}
+			
+			if ((unsigned long)zend_hash_dprot_table[left] < value) {
+				memmove(zend_hash_dprot_table+left+2, zend_hash_dprot_table+left+1, (zend_hash_dprot_counter-left-1)*sizeof(dtor_func_t));
+				zend_hash_dprot_table[left+1] = pDestructor;
+			} else {
+				memmove(zend_hash_dprot_table+left+1, zend_hash_dprot_table+left, (zend_hash_dprot_counter-left)*sizeof(dtor_func_t));
+				zend_hash_dprot_table[left] = pDestructor;
+			}
+
+			zend_hash_dprot_counter++;
+		}
+	}
+	
+	zend_hash_dprot_end_write();
+}
+
+static void zend_hash_check_destructor(dtor_func_t pDestructor)
+{
+	unsigned long value;
+	
+	if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR
+#ifdef ZEND_ENGINE_2
+		|| pDestructor == suhosin_zend_destroy_property_info_internal || pDestructor == suhosin_zend_destroy_property_info
+#endif
+	    || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) {
+		return;
+	}
+
+	zend_hash_dprot_begin_read();
+	
+	if (zend_hash_dprot_counter > 0) {
+		int left, right, mid;
+		zend_bool found = 0;
+	
+		value = (unsigned long) pDestructor;
+		left = 0;
+		right = zend_hash_dprot_counter-1;
+		
+		while (left < right) {
+			mid = (right - left) >> 1;
+			mid += left;
+			if ((unsigned long)zend_hash_dprot_table[mid] == value) {
+				found = 1;
+				break;
+			}
+			if (value < (unsigned long)zend_hash_dprot_table[mid]) {
+				right = mid-1;
+			} else {
+				left = mid+1;
+			}
+		}
+		if ((unsigned long)zend_hash_dprot_table[left] == value) {
+			found = 1;
+		}
+		
+		if (!found) {
+			zend_hash_dprot_end_read();
+		
+			zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor");
+			if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) {
+			        _exit(1);
+		        }
+			return;
+		}
+	
+	} else {
+		zend_hash_dprot_end_read();
+	
+		zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor");
+		if (SUHOSIN_CONFIG(SUHOSIN_HT_IGNORE_INVALID_DESTRUCTOR) == 0) {
+		        _exit(1);
+	        }
+		return;	        
+	}
+	
+	zend_hash_dprot_end_read();
+}
+
+#else
+#define zend_hash_add_destructor(pDestructor) do {} while(0)
+#define zend_hash_check_destructor(pDestructor) do {} while(0)
+#endif
 
 ZEND_API int _zend_hash_init(HashTable *ht, uint nSize, hash_func_t pHashFunction, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC)
 {
@@ -156,6 +350,7 @@ ZEND_API int _zend_hash_init(HashTable *
 
 	ht->nTableMask = ht->nTableSize - 1;
 	ht->pDestructor = pDestructor;
+	zend_hash_add_destructor(pDestructor);
 	ht->arBuckets = NULL;
 	ht->pListHead = NULL;
 	ht->pListTail = NULL;
@@ -233,6 +428,7 @@ ZEND_API int _zend_hash_add_or_update(Ha
 					return FAILURE;
 				}
 #endif
+				zend_hash_check_destructor(ht->pDestructor);
 				if (ht->pDestructor) {
 					ht->pDestructor(p->pData);
 				}
@@ -298,6 +494,7 @@ ZEND_API int _zend_hash_quick_add_or_upd
 					return FAILURE;
 				}
 #endif
+                                zend_hash_check_destructor(ht->pDestructor);
 				if (ht->pDestructor) {
 					ht->pDestructor(p->pData);
 				}
@@ -373,6 +570,7 @@ ZEND_API int _zend_hash_index_update_or_
 				return FAILURE;
 			}
 #endif
+                        zend_hash_check_destructor(ht->pDestructor);
 			if (ht->pDestructor) {
 				ht->pDestructor(p->pData);
 			}
@@ -496,6 +694,7 @@ ZEND_API int zend_hash_del_key_or_index(
 			if (ht->pInternalPointer == p) {
 				ht->pInternalPointer = p->pListNext;
 			}
+			zend_hash_check_destructor(ht->pDestructor);
 			if (ht->pDestructor) {
 				ht->pDestructor(p->pData);
 			}
@@ -522,6 +721,7 @@ ZEND_API void zend_hash_destroy(HashTabl
 	SET_INCONSISTENT(HT_IS_DESTROYING);
 
 	p = ht->pListHead;
+	zend_hash_check_destructor(ht->pDestructor);
 	while (p != NULL) {
 		q = p;
 		p = p->pListNext;
@@ -548,6 +748,7 @@ ZEND_API void zend_hash_clean(HashTable
 	SET_INCONSISTENT(HT_CLEANING);
 
 	p = ht->pListHead;
+	zend_hash_check_destructor(ht->pDestructor);
 	while (p != NULL) {
 		q = p;
 		p = p->pListNext;
--- x/Zend/zend_hash.c~	2011-08-20 18:08:23.000000000 +0200
+++ x/Zend/zend_hash.c	2011-08-20 18:09:01.292927307 +0200
@@ -808,6 +808,7 @@
 	ht->nNumOfElements--;
 	HANDLE_UNBLOCK_INTERRUPTIONS();
 
+	zend_hash_check_destructor(ht->pDestructor);
 	if (ht->pDestructor) {
 		ht->pDestructor(p->pData);
 	}
diff -Naurp php-5.3.6RC1/Zend/zend_llist.c php-5.3.6RC1.oden/Zend/zend_llist.c
--- php-5.3.6RC1/Zend/zend_llist.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_llist.c	2011-02-20 11:50:19.329840242 +0100
@@ -23,6 +23,194 @@
 #include "zend_llist.h"
 #include "zend_qsort.h"
 
+#if SUHOSIN_PATCH
+#ifdef ZTS
+static MUTEX_T zend_llist_dprot_mx_reader;
+static MUTEX_T zend_llist_dprot_mx_writer;
+static unsigned int zend_llist_dprot_reader;
+#endif
+static unsigned int zend_llist_dprot_counter;
+static unsigned int zend_llist_dprot_curmax;
+static llist_dtor_func_t *zend_llist_dprot_table = NULL;
+
+static void zend_llist_dprot_begin_read()
+{
+#ifdef ZTS
+	tsrm_mutex_lock(zend_llist_dprot_mx_reader);
+	if ((++(zend_llist_dprot_reader)) == 1) {
+		tsrm_mutex_lock(zend_llist_dprot_mx_writer);
+	}
+	tsrm_mutex_unlock(zend_llist_dprot_mx_reader);
+#endif
+}
+
+static void zend_llist_dprot_end_read()
+{
+#ifdef ZTS
+	tsrm_mutex_lock(zend_llist_dprot_mx_reader);
+	if ((--(zend_llist_dprot_reader)) == 0) {
+		tsrm_mutex_unlock(zend_llist_dprot_mx_writer);
+	}
+	tsrm_mutex_unlock(zend_llist_dprot_mx_reader);
+#endif
+}
+
+static void zend_llist_dprot_begin_write()
+{
+#ifdef ZTS
+	tsrm_mutex_lock(zend_llist_dprot_mx_writer);
+#endif
+}
+
+static void zend_llist_dprot_end_write()
+{
+#ifdef ZTS
+	tsrm_mutex_unlock(zend_llist_dprot_mx_writer);
+#endif
+}
+
+/*ZEND_API void zend_llist_dprot_dtor()
+{
+#ifdef ZTS
+	tsrm_mutex_free(zend_llist_dprot_mx_reader);
+	tsrm_mutex_free(zend_llist_dprot_mx_writer);
+#endif	
+	free(zend_llist_dprot_table);
+}*/
+
+static void zend_llist_add_destructor(llist_dtor_func_t pDestructor)
+{
+	int left, right, mid;
+	zend_bool found = 0;
+	unsigned long value;
+	
+	if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) {
+		return;
+	}
+	
+	if (zend_llist_dprot_table == NULL) {
+#ifdef ZTS
+		zend_llist_dprot_mx_reader = tsrm_mutex_alloc();
+		zend_llist_dprot_mx_writer = tsrm_mutex_alloc();
+		zend_llist_dprot_reader = 0;
+#endif	
+		zend_llist_dprot_counter = 0;
+		zend_llist_dprot_curmax = 256;
+		zend_llist_dprot_table = (llist_dtor_func_t *) malloc(256 * sizeof(llist_dtor_func_t));
+	}
+	
+	zend_llist_dprot_begin_write();
+
+	if (zend_llist_dprot_counter == 0) {
+		zend_llist_dprot_counter++;
+		zend_llist_dprot_table[0] = pDestructor;
+	} else {
+		value = (unsigned long) pDestructor;
+		left = 0;
+		right = zend_llist_dprot_counter-1;
+		mid = 0;
+		
+		while (left < right) {
+			mid = (right - left) >> 1;
+			mid += left;
+			if ((unsigned long)zend_llist_dprot_table[mid] == value) {
+				found = 1;
+				break;
+			}
+			if (value < (unsigned long)zend_llist_dprot_table[mid]) {
+				right = mid-1;
+			} else {
+				left = mid+1;
+			}
+		}
+		if ((unsigned long)zend_llist_dprot_table[left] == value) {
+			found = 1;
+		}
+		
+		if (!found) {
+		
+			if (zend_llist_dprot_counter >= zend_llist_dprot_curmax) {
+				zend_llist_dprot_curmax += 256;
+				zend_llist_dprot_table = (llist_dtor_func_t *) realloc(zend_llist_dprot_table, zend_llist_dprot_curmax * sizeof(llist_dtor_func_t));
+			}
+			
+			if ((unsigned long)zend_llist_dprot_table[left] < value) {
+				memmove(zend_llist_dprot_table+left+2, zend_llist_dprot_table+left+1, (zend_llist_dprot_counter-left-1)*sizeof(llist_dtor_func_t));
+				zend_llist_dprot_table[left+1] = pDestructor;
+			} else {
+				memmove(zend_llist_dprot_table+left+1, zend_llist_dprot_table+left, (zend_llist_dprot_counter-left)*sizeof(llist_dtor_func_t));
+				zend_llist_dprot_table[left] = pDestructor;
+			}
+
+			zend_llist_dprot_counter++;
+		}
+	}
+	
+	zend_llist_dprot_end_write();
+}
+
+static void zend_llist_check_destructor(llist_dtor_func_t pDestructor)
+{
+	unsigned long value;
+	
+	if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) {
+		return;
+	}
+
+	zend_llist_dprot_begin_read();
+	
+	if (zend_llist_dprot_counter > 0) {
+		int left, right, mid;
+		zend_bool found = 0;
+	
+		value = (unsigned long) pDestructor;
+		left = 0;
+		right = zend_llist_dprot_counter-1;
+		
+		while (left < right) {
+			mid = (right - left) >> 1;
+			mid += left;
+			if ((unsigned long)zend_llist_dprot_table[mid] == value) {
+				found = 1;
+				break;
+			}
+			if (value < (unsigned long)zend_llist_dprot_table[mid]) {
+				right = mid-1;
+			} else {
+				left = mid+1;
+			}
+		}
+		if ((unsigned long)zend_llist_dprot_table[left] == value) {
+			found = 1;
+		}
+		
+		if (!found) {
+			zend_llist_dprot_end_read();
+		
+		        zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor");
+			if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) {
+			        _exit(1);
+		        }
+			return;
+		}
+	
+	} else {
+		zend_llist_dprot_end_read();
+	
+	        zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor");
+		if (SUHOSIN_CONFIG(SUHOSIN_LL_IGNORE_INVALID_DESTRUCTOR) == 0) {
+		        _exit(1);
+	        }
+		return;	        
+	}
+	
+	zend_llist_dprot_end_read();
+}
+#else
+#define zend_llist_add_destructor(pDestructor) do {} while(0)
+#define zend_llist_check_destructor(pDestructor) do {} while(0)
+#endif
+
 ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent)
 {
 	l->head  = NULL;
@@ -30,6 +218,7 @@ ZEND_API void zend_llist_init(zend_llist
 	l->count = 0;
 	l->size  = size;
 	l->dtor  = dtor;
+	zend_llist_add_destructor(dtor);
 	l->persistent = persistent;
 }
 
@@ -81,6 +270,7 @@ ZEND_API void zend_llist_prepend_element
 			} else {\
 				(l)->tail = (current)->prev;\
 			}\
+			zend_llist_check_destructor((l)->dtor); \
 			if ((l)->dtor) {\
 				(l)->dtor((current)->data);\
 			}\
@@ -108,6 +298,7 @@ ZEND_API void zend_llist_destroy(zend_ll
 {
 	zend_llist_element *current=l->head, *next;
 	
+	zend_llist_check_destructor(l->dtor);
 	while (current) {
 		next = current->next;
 		if (l->dtor) {
@@ -133,6 +324,7 @@ ZEND_API void *zend_llist_remove_tail(ze
 	zend_llist_element *old_tail;
 	void *data;
 
+	zend_llist_check_destructor((l)->dtor);
 	if ((old_tail = l->tail)) {
 		if (old_tail->prev) {
 			old_tail->prev->next = NULL;
diff -Naurp php-5.3.6RC1/Zend/zend_operators.c php-5.3.6RC1.oden/Zend/zend_operators.c
--- php-5.3.6RC1/Zend/zend_operators.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_operators.c	2011-02-20 11:50:19.330840383 +0100
@@ -153,9 +153,14 @@ ZEND_API void convert_scalar_to_number(z
 		case IS_STRING:
 			{
 				char *strval;
+                                int strl;
 
 				strval = Z_STRVAL_P(op);
-				if ((Z_TYPE_P(op)=is_numeric_string(strval, Z_STRLEN_P(op), &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) {
+                                strl   = Z_STRLEN_P(op);
+#if SUHOSIN_PATCH
+                                Z_STRLEN_P(op) = 0;
+#endif
+				if ((Z_TYPE_P(op)=is_numeric_string(strval, strl, &Z_LVAL_P(op), &Z_DVAL_P(op), 1)) == 0) {
 					ZVAL_LONG(op, 0);
 				}
 				STR_FREE(strval);
@@ -187,7 +192,8 @@ ZEND_API void convert_scalar_to_number(z
 	} else {														\
 		switch (Z_TYPE_P(op)) {										\
 			case IS_STRING:											\
-				{													\
+				{ \
+                                        Z_STRLEN(holder) = 0;													\
 					if ((Z_TYPE(holder)=is_numeric_string(Z_STRVAL_P(op), Z_STRLEN_P(op), &Z_LVAL(holder), &Z_DVAL(holder), 1)) == 0) {	\
 						ZVAL_LONG(&(holder), 0);							\
 					}														\
@@ -229,6 +235,7 @@ ZEND_API void convert_scalar_to_number(z
 				Z_LVAL(holder) = zend_dval_to_lval(Z_DVAL_P(op));	\
 				break;												\
 			case IS_STRING:											\
+                                Z_STRLEN(holder) = 0; \
 				Z_LVAL(holder) = strtol(Z_STRVAL_P(op), NULL, 10);	\
 				break;												\
 			case IS_ARRAY:											\
@@ -271,6 +278,7 @@ ZEND_API void convert_scalar_to_number(z
 				Z_LVAL(holder) = (Z_DVAL_P(op) ? 1 : 0);			\
 				break;												\
 			case IS_STRING:											\
+                                Z_STRLEN(holder) = 0; \
 				if (Z_STRLEN_P(op) == 0								\
 					|| (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) {	\
 					Z_LVAL(holder) = 0;								\
@@ -356,6 +364,9 @@ ZEND_API void convert_to_long_base(zval
 			{
 				char *strval = Z_STRVAL_P(op);
 
+#if SUHOSIN_PATCH
+                                Z_STRLEN_P(op) = 0;
+#endif
 				Z_LVAL_P(op) = strtol(strval, NULL, base);
 				STR_FREE(strval);
 			}
@@ -416,6 +427,9 @@ ZEND_API void convert_to_double(zval *op
 			{
 				char *strval = Z_STRVAL_P(op);
 
+#if SUHOSIN_PATCH
+                                Z_STRLEN_P(op) = 0;
+#endif
 				Z_DVAL_P(op) = zend_strtod(strval, NULL);
 				STR_FREE(strval);
 			}
@@ -502,8 +516,14 @@ ZEND_API void convert_to_boolean(zval *o
 
 				if (Z_STRLEN_P(op) == 0
 					|| (Z_STRLEN_P(op)==1 && Z_STRVAL_P(op)[0]=='0')) {
+#if SUHOSIN_PATCH
+                                        Z_STRLEN_P(op) = 0;
+#endif
 					Z_LVAL_P(op) = 0;
 				} else {
+#if SUHOSIN_PATCH
+                                        Z_STRLEN_P(op) = 0;
+#endif
 					Z_LVAL_P(op) = 1;
 				}
 				STR_FREE(strval);
@@ -617,6 +637,9 @@ static void convert_scalar_to_array(zval
 	*entry = *op;
 	INIT_PZVAL(entry);
 
+#if SUHOSIN_PATCH
+        Z_STRLEN_P(op) = 0;
+#endif
 	switch (type) {
 		case IS_ARRAY:
 			ALLOC_HASHTABLE(Z_ARRVAL_P(op));
diff -Naurp php-5.3.6RC1/Zend/zend_variables.c php-5.3.6RC1.oden/Zend/zend_variables.c
--- php-5.3.6RC1/Zend/zend_variables.c	2011-01-01 03:19:59.000000000 +0100
+++ php-5.3.6RC1.oden/Zend/zend_variables.c	2011-02-20 11:50:19.331840524 +0100
@@ -34,6 +34,9 @@ ZEND_API void _zval_dtor_func(zval *zval
 		case IS_CONSTANT:
 			CHECK_ZVAL_STRING_REL(zvalue);
 			STR_FREE_REL(zvalue->value.str.val);
+#if SUHOSIN_PATCH
+                        zvalue->value.str.len = 0;
+#endif
 			break;
 		case IS_ARRAY:
 		case IS_CONSTANT_ARRAY: {
@@ -78,6 +81,9 @@ ZEND_API void _zval_internal_dtor(zval *
 		case IS_CONSTANT:
 			CHECK_ZVAL_STRING_REL(zvalue);
 			free(zvalue->value.str.val);
+#if SUHOSIN_PATCH
+                        zvalue->value.str.len = 0;
+#endif
 			break;
 		case IS_ARRAY:
 		case IS_CONSTANT_ARRAY: