[2019-03-15 08:58 UTC] laruence@php.net
[2019-03-15 08:58 UTC] laruence@php.net
-Status: Open
+Status: Closed
[2019-03-15 16:08 UTC] nikic@php.net
Description:
------------
Test case ext/phar/tests/phar_setsignaturealgo2.phpt has a core dump on Big-Endian platforms.

The problem code is in "ext/phar/util.c":

1880
1881         if (!EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, key)) {
1882             efree(sigbuf);
1883             if (error) {
1884                 spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
1885             }
1886             return FAILURE;
1887         }
1888
1889         sigbuf[siglen] = '\0';   // siglen is out of boundary, leads to a core dump
1890         EVP_MD_CTX_destroy(md_ctx);

Debugger shows:

(gdb) p siglen
$1 = 549755814016

The reason is that "siglen" is defined as "size_t" (unsigned long), but in line 1881, when calling "EVP_SignFinal", it is cast to "unsigned int" by pointer, which means only the first 4 bytes are passed to "EVP_SignFinal". This is not a problem on Little-Endian platforms, but it is an issue on Big-Endian platforms, and it causes the returned "siglen" to be a large value.

One solution is to define "siglen" as "unsigned int" instead of "size_t".

Test script:
---------------
./sapi/cli/php run-tests.php -P ext/phar/tests/phar_setsignaturealgo2.phpt

Expected result:
----------------
"siglen" should be returned as an index value.

Actual result:
--------------
(gdb) p siglen
$1 = 549755814016   // wrong index value
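
An added example (not from the bug report or from php-src) that models the byte layout described above, so the Big-Endian result can be reproduced on any host. The function names and `sign_final_stub` are hypothetical, and the starting value of 128 for `siglen` is an assumption; with it, the model yields exactly the value in the gdb output.

```c
#include <stdint.h>
#include <stdio.h>

/* Byte i of an n-byte integer sits at this bit offset in the given byte order. */
static int shift_of(int i, int n, int big_endian)
{
    return big_endian ? 8 * (n - 1 - i) : 8 * i;
}

/* Simulate: size_t siglen = before; the callee stores a 4-byte unsigned int
 * through (unsigned int *)&siglen; return siglen as the caller then reads it. */
uint64_t siglen_after_cast(uint64_t before, uint32_t written, int big_endian)
{
    unsigned char mem[8];
    uint64_t after = 0;
    for (int i = 0; i < 8; i++)          /* lay out the 8-byte siglen */
        mem[i] = (unsigned char)(before >> shift_of(i, 8, big_endian));
    for (int i = 0; i < 4; i++)          /* callee writes the first 4 bytes only */
        mem[i] = (unsigned char)(written >> shift_of(i, 4, big_endian));
    for (int i = 0; i < 8; i++)          /* caller reads all 8 bytes back */
        after |= (uint64_t)mem[i] << shift_of(i, 8, big_endian);
    return after;
}

/* Hypothetical stand-in for a callee with an unsigned int * out-parameter. */
static void sign_final_stub(unsigned int *len_out, unsigned int len)
{
    *len_out = len;
}

/* Fix: hand the callee a real unsigned int, then widen by value. */
uint64_t siglen_fixed(unsigned int written)
{
    unsigned int tmp = 0;
    sign_final_stub(&tmp, written);
    return tmp;
}

int main(void)
{
    /* Constructed input: 128 before the call, 128 written by the callee. */
    printf("big-endian, cast:    %llu\n",
           (unsigned long long)siglen_after_cast(128, 128, 1));
    printf("little-endian, cast: %llu\n",
           (unsigned long long)siglen_after_cast(128, 128, 0));
    printf("fixed:               %llu\n", (unsigned long long)siglen_fixed(128));
    return 0;
}
```

On a Little-Endian layout the cast only looks harmless because the upper four bytes of `siglen` already hold zero; any stale upper bytes would survive the call there too.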