From f2ddfd31ef38f806a82b61ca3f780752efb9b4c0 Mon Sep 17 00:00:00 2001
From: Florian Engelhardt
Date: Tue, 23 Dec 2025 16:32:38 +0100
Subject: [PATCH] fix(profiling): use cached heap in alloc_prof_orig_* functions

A crash report indicated that `_zend_mm_alloc` was being called with an invalid heap pointer This invalid pointer originated from the call to `zend::zend_mm_get_heap()` within `alloc_prof_orig_alloc`.
---
 profiling/src/allocation/allocation_le83.rs | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/profiling/src/allocation/allocation_le83.rs b/profiling/src/allocation/allocation_le83.rs
index 506c5b6c38e..ab9472812bc 100644
--- a/profiling/src/allocation/allocation_le83.rs
+++ b/profiling/src/allocation/allocation_le83.rs
@@ -373,7 +373,9 @@ unsafe fn alloc_prof_prev_alloc(len: size_t) -> *mut c_void {
 }
 
 unsafe fn alloc_prof_orig_alloc(len: size_t) -> *mut c_void {
-    let heap = zend::zend_mm_get_heap();
+    // Safety: `ZEND_MM_STATE.heap` will be initialised in `alloc_prof_rinit()` and custom ZendMM
+    // handlers are only installed and pointing to this function if initialization was succesful.
+    let heap = tls_zend_mm_state_get!(heap).unwrap_unchecked();
     let (prepare, restore) = tls_zend_mm_state_get!(prepare_restore_zend_heap);
     let custom_heap = prepare(heap);
     let ptr: *mut c_void = zend::_zend_mm_alloc(heap, len);
@@ -398,7 +400,9 @@ unsafe fn alloc_prof_prev_free(ptr: *mut c_void) {
 }
 
 unsafe fn alloc_prof_orig_free(ptr: *mut c_void) {
-    let heap = zend::zend_mm_get_heap();
+    // Safety: `ZEND_MM_STATE.heap` will be initialised in `alloc_prof_rinit()` and custom ZendMM
+    // handlers are only installed and pointing to this function if initialization was succesful.
+    let heap = tls_zend_mm_state_get!(heap).unwrap_unchecked();
     zend::_zend_mm_free(heap, ptr);
 }
 
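Review bot: `tls_zend_mm_state_get!(heap).unwrap_unchecked()` on the new `let heap` line turns a violated ordering assumption into undefined behaviour inside the allocator hook itself, where the symptom would again be a corrupted heap pointer rather than a diagnosable failure; the Safety comment states the invariant but nothing enforces it. A `debug_assert!` ahead of the unchecked unwrap keeps the release path branch-free while catching a mis-ordered `alloc_prof_rinit()` in debug and test builds: `let heap = tls_zend_mm_state_get!(heap); debug_assert!(heap.is_some(), "ZendMM heap read before alloc_prof_rinit()"); let heap = heap.unwrap_unchecked();` (assuming the field is an `Option`, which the `unwrap_unchecked` call suggests). The same line and comment are repeated in the `alloc_prof_orig_free` hunk below and in the `alloc_prof_orig_realloc` hunk that follows, and the comment misspells "succesful" as "successful" in all three places. `alloc_prof_orig_alloc` and `alloc_prof_orig_realloc` continue past their hunks; `alloc_prof_orig_free` is shown in full.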
@@ -432,7 +436,9 @@ unsafe fn alloc_prof_prev_realloc(prev_ptr: *mut c_void, len: size_t) -> *mut c_
 }
 
 unsafe fn alloc_prof_orig_realloc(prev_ptr: *mut c_void, len: size_t) -> *mut c_void {
-    let heap = zend::zend_mm_get_heap();
+    // Safety: `ZEND_MM_STATE.heap` will be initialised in `alloc_prof_rinit()` and custom ZendMM
+    // handlers are only installed and pointing to this function if initialization was succesful.
+    let heap = tls_zend_mm_state_get!(heap).unwrap_unchecked();
     let (prepare, restore) = tls_zend_mm_state_get!(prepare_restore_zend_heap);
     let custom_heap = prepare(heap);
     let ptr: *mut c_void = zend::_zend_mm_realloc(heap, prev_ptr, len);