php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46311 Pointer aliasing issue results in miscompile on gcc4.4
Submitted: 2008-10-16 03:16 UTC Modified: 2013-03-19 19:24 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: anton at samba dot org Assigned: dmitry (profile)
Status: Closed Package: Compile Failure
PHP Version: 5.2.9 OS: RHEL5.2 / PowerPC64
Private report: No CVE-ID: None
 [2008-10-16 03:16 UTC] anton at samba dot org
Description:
------------
A recent checkout of gcc4.4 miscompiles php on PowerPC64. The following function reads from p via long * and stores to p via void * which violates aliasing rules:

static inline void zend_ptr_stack_clear_multiple(TSRMLS_D)
{
        void **p = EG(argument_stack).top_element-2;
        int delete_count = (int)(zend_uintptr_t) *p;

        EG(argument_stack).top -= (delete_count+2);
        while (--delete_count>=0) {
                zval *q = *(zval **)(--p);
                *p = NULL;
                zval_ptr_dtor(&q);
        }
        EG(argument_stack).top_element = p;
}

More details can be found at:

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37824

We can remove the (zval **) cast so that we read and write via void *p and fix the aliasing issue. I will attach a patch.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-16 03:20 UTC] anton at samba dot org
I can't work out how to attach things in this tool. Here is a copy and paste of it and a non whitespace damaged version can be found at:

http://ozlabs.org/~anton/junkcode/php_fix_aliasing.patch

Index: php-5.2.6/Zend/zend_execute.h
===================================================================
--- php-5.2.6.orig/Zend/zend_execute.h  2007-12-31 02:20:02.000000000 -0500
+++ php-5.2.6/Zend/zend_execute.h       2008-10-15 23:03:01.000000000 -0400
@@ -150,7 +150,7 @@

        EG(argument_stack).top -= (delete_count+2);
        while (--delete_count>=0) {
-               zval *q = *(zval **)(--p);
+               zval *q = *(--p);
                *p = NULL;
                zval_ptr_dtor(&q);
        }
 [2008-10-16 05:54 UTC] anton at samba dot org
To clarify... the Zend code reads via zval *, not long *. The cut down test case I submitted was simplified to use a long *.
 [2008-10-16 09:35 UTC] johannes@php.net
Dmitry, can you check this?
 [2010-07-25 02:17 UTC] mabi at gentoo dot org
There are Gentoo downstream bugs related to this issue:
https://bugs.gentoo.org/show_bug.cgi?id=295682
https://bugs.gentoo.org/show_bug.cgi?id=329753

I'd love to see this fixed upstream, but will ship a custom patch to get this more testing shortly.
 [2013-03-19 18:51 UTC] olemarkus@php.net
The Gentoo patchset has been running with this for years now. Any reason why this 
has not been resolved yet?
 [2013-03-19 19:24 UTC] dmitry@php.net
This is not a PHP problem. The C code is absolutely legal and wrong compilation caused by a bug in GCC or too aggressive optimization options that make wrong assumptions.
 [2013-08-22 07:34 UTC] olemarkus@php.net
Does it matter exactly where the bug is? It breaks compilation on arm and sparc 
as far as I can tell, and the patch is really simple. The problem is not caused 
by aggressive optimisations at least. I would not bother upstream with it if it 
was.
 [2013-08-22 09:06 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fc16b923135bf1670f6791d3998aeb19edde1ca5
Log: Fix bug #46311: Pointer aliasing issue results in miscompile on gcc4.4
 [2013-08-22 09:06 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 [2013-08-22 09:10 UTC] nikic@php.net
Fixed in 5.5 and master.
 [2013-11-17 09:30 UTC] laruence@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fc16b923135bf1670f6791d3998aeb19edde1ca5
Log: Fix bug #46311: Pointer aliasing issue results in miscompile on gcc4.4
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 02:01:28 2024 UTC