Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix GH-17797: zend_test_compile_string crash on invalid script path. #17801

Closed
wants to merge 1 commit into from
Closed

Fix GH-17797: zend_test_compile_string crash on invalid script path. #17801

wants to merge 1 commit into from
+40 −1

Conversation

devnexen
Copy link
Member

When looking for the last slash of the script path, it leads to underflow being promoted to SIZE_MAX being way beyond MAXPATHLEN.

@devnexen devnexen marked this pull request as ready for review February 14, 2025 08:33
@devnexen devnexen requested a review from bukka as a code owner February 14, 2025 08:33
nielsdos
nielsdos reviewed Feb 14, 2025
View reviewed changes
main/fopen_wrappers.c Outdated
@@ -603,7 +603,9 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
const char *exec_fname = ZSTR_VAL(exec_filename);
size_t exec_fname_length = ZSTR_LEN(exec_filename);

while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length]));
do {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't this loop be rewritten in a cleaner way?
Like: check that the var is not 0 in the while loop condition along with the IS_SLASH, and modify the length in the while loop body. That seems more readable and cleaner. WDYT?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

matter of taste I would say, it does not change much things as readability IMHO but don t really object.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. But please at least put {} around the break (and break on a new line), as now the code doesn't really comply with our code style standard.

nielsdos
nielsdos requested changes Feb 14, 2025
View reviewed changes
Copy link
Member

@nielsdos nielsdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something broke on Windows. And it's because the macro evaluates the expression c twice on Windows:

php-src/Zend/zend_virtual_cwd.h

Line 77 in b3dd5a4

#define IS_SLASH(c) ((c) == '/' || (c) == '\\')

If you follow my suggestion of https://github.com/php/php-src/pull/17801/files#r1956774278 then you can resolve this

@devnexen
Copy link
Member Author

Something broke on Windows. And it's because the macro evaluates the expression c twice on Windows:

php-src/Zend/zend_virtual_cwd.h

Line 77 in b3dd5a4

#define IS_SLASH(c) ((c) == '/' || (c) == '\\')

If you follow my suggestion of https://github.com/php/php-src/pull/17801/files#r1956774278 then you can resolve this

ahah good to know.

nielsdos
nielsdos reviewed Feb 14, 2025
View reviewed changes
main/fopen_wrappers.c Outdated
@@ -603,7 +603,10 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
const char *exec_fname = ZSTR_VAL(exec_filename);
size_t exec_fname_length = ZSTR_LEN(exec_filename);

while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length]));
while (exec_fname_length != 0 && !IS_SLASH(exec_fname[exec_fname_length])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be:

Suggested change
while (exec_fname_length != 0 && !IS_SLASH(exec_fname[exec_fname_length])) {
while (exec_fname_length != 0 && !IS_SLASH(exec_fname[exec_fname_length - 1])) {

or am I missing something?

@devnexen devnexen marked this pull request as draft February 14, 2025 23:45
@devnexen devnexen force-pushed the gh17797 branch 3 times, most recently from 6b5cd60 to 7e3283a Compare February 15, 2025 01:29
@devnexen devnexen marked this pull request as ready for review February 15, 2025 02:05
nielsdos
nielsdos approved these changes Feb 15, 2025
View reviewed changes
Copy link
Member

@nielsdos nielsdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@devnexen
Fix phpGH-17797: zend_test_compile_string crash on invalid script path.
4f99673 
When looking for the last slash of the script path, it leads to
underflow being promoted to SIZE_MAX being way beyond MAXPATHLEN.

close phpGH-17801
@devnexen devnexen closed this in 0f63bee Feb 15, 2025
@devnexen devnexen deleted the gh17797 branch February 16, 2025 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nielsdos nielsdos nielsdos approved these changes

@bukka bukka Awaiting requested review from bukka bukka is a code owner

Assignees
No one assigned
Labels
Extension: zend_test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@devnexen @nielsdos