Bug #46311 Pointer aliasing issue results in miscompile on gcc4.4
Submitted: 2008-10-16 03:16 UTC Modified: 2013-03-19 19:24 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: anton at samba dot org Assigned: dmitry (profile)
Status: Closed Package: Compile Failure
PHP Version: 5.2.9 OS: RHEL5.2 / PowerPC64
Private report: No CVE-ID: None
 [2008-10-16 03:16 UTC] anton at samba dot org
Description:
------------
A recent checkout of gcc4.4 miscompiles php on PowerPC64. The following function reads from p via long * and stores to p via void * which violates aliasing rules:

static inline void zend_ptr_stack_clear_multiple(TSRMLS_D)
{
        void **p = EG(argument_stack).top_element-2;
        int delete_count = (int)(zend_uintptr_t) *p;

        EG(argument_stack).top -= (delete_count+2);
        while (--delete_count>=0) {
                zval *q = *(zval **)(--p);
                *p = NULL;
                zval_ptr_dtor(&q);
        }
        EG(argument_stack).top_element = p;
}

More details can be found at:

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37824

We can remove the (zval **) cast so that we read and write via void *p and fix the aliasing issue. I will attach a patch.


 [2008-10-16 03:20 UTC] anton at samba dot org
I can't work out how to attach things in this tool. Here is a copy and paste of it and a non whitespace damaged version can be found at:

http://ozlabs.org/~anton/junkcode/php_fix_aliasing.patch

Index: php-5.2.6/Zend/zend_execute.h
===================================================================
--- php-5.2.6.orig/Zend/zend_execute.h  2007-12-31 02:20:02.000000000 -0500
+++ php-5.2.6/Zend/zend_execute.h       2008-10-15 23:03:01.000000000 -0400
@@ -150,7 +150,7 @@

        EG(argument_stack).top -= (delete_count+2);
        while (--delete_count>=0) {
-               zval *q = *(zval **)(--p);
+               zval *q = *(--p);
                *p = NULL;
                zval_ptr_dtor(&q);
        }
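Review bot: the new `zval *q = *(--p);` line has no comment saying why the `(zval **)` cast was dropped, and the cast looks harmless enough that a later cleanup could put it back. Add a one-line comment above the load noting that it and the `*p = NULL` store must both go through the `void **` lvalue. Also note that the assignment now relies on the implicit `void *` to `zval *` conversion, which is valid C but would not compile if this inline function were ever built as C++.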
 [2008-10-16 05:54 UTC] anton at samba dot org
To clarify... the Zend code reads via zval *, not long *. The cut down test case I submitted was simplified to use a long *.
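The two forms of the loop discussed above, side by side, as an added example that is not code from php-src. `item`, `ptr_stack`, `item_release` and `demo_fixed` are hypothetical stand-ins for `zval`, `EG(argument_stack)`, `zval_ptr_dtor` and a caller; the stack contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct item { int refcount; } item;            /* stand-in for zval */
typedef struct ptr_stack { void **top_element; int top; } ptr_stack;

static void item_release(item **pp) { (*pp)->refcount--; }

/* Reported pattern: each slot is a void * object but is loaded through an
 * item * lvalue. The types are not compatible, so a compiler doing type-based
 * alias analysis is permitted to treat the load and the store as unrelated. */
void clear_multiple_cast(ptr_stack *s) {
    void **p = s->top_element - 2;
    int n = (int)(uintptr_t)*p;
    s->top -= n + 2;
    while (--n >= 0) {
        item *q = *(item **)(--p);  /* load as item *  */
        *p = NULL;                  /* store as void * */
        item_release(&q);
    }
    s->top_element = p;
}

/* Patched pattern: load and store both go through the void * lvalue. */
void clear_multiple_fixed(ptr_stack *s) {
    void **p = s->top_element - 2;
    int n = (int)(uintptr_t)*p;
    s->top -= n + 2;
    while (--n >= 0) {
        item *q = *(--p);           /* void * converts to item * implicitly */
        *p = NULL;
        item_release(&q);
    }
    s->top_element = p;
}

/* Constructed stack: three items, the count, a NULL terminator.
 * Returns the refcounts left, plus 100 per slot not cleared, plus 1000 if
 * the stack bookkeeping is wrong. */
int demo_fixed(void) {
    item a = {2}, b = {2}, c = {2};
    void *slots[5] = { &a, &b, &c, (void *)(uintptr_t)3, NULL };
    ptr_stack s = { slots + 5, 5 };
    clear_multiple_fixed(&s);
    int bad = (slots[0] != NULL) + (slots[1] != NULL) + (slots[2] != NULL);
    return a.refcount + b.refcount + c.refcount + 100 * bad
         + 1000 * (s.top != 0 || s.top_element != slots);
}

int main(void) { return demo_fixed() == 3 ? 0 : 1; }
```

Building the cast variant with `-fno-strict-aliasing` is the usual way to check whether a suspected miscompile comes from this kind of access.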
 [2008-10-16 09:35 UTC] johannes@php.net
Dmitry, can you check this?
 [2010-07-25 02:17 UTC] mabi at gentoo dot org
There are Gentoo downstream bugs related to this issue:
https://bugs.gentoo.org/show_bug.cgi?id=295682
https://bugs.gentoo.org/show_bug.cgi?id=329753

I'd love to see this fixed upstream, but will ship a custom patch to get this more testing shortly.
 [2013-03-19 18:51 UTC] olemarkus@php.net
The Gentoo patchset has been running with this for years now. Any reason why this has not been resolved yet?
 [2013-03-19 19:24 UTC] dmitry@php.net
This is not a PHP problem. The C code is absolutely legal, and the wrong compilation is caused by a bug in GCC or by too aggressive optimization options that make wrong assumptions.
 [2013-08-22 07:34 UTC] olemarkus@php.net
Does it matter exactly where the bug is? It breaks compilation on arm and sparc as far as I can tell, and the patch is really simple. The problem is not caused by aggressive optimisations at least. I would not bother upstream with it if it was.
 [2013-08-22 09:06 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fc16b923135bf1670f6791d3998aeb19edde1ca5
Log: Fix bug #46311: Pointer aliasing issue results in miscompile on gcc4.4
 [2013-08-22 09:06 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 [2013-08-22 09:10 UTC] nikic@php.net
Fixed in 5.5 and master.
 [2013-11-17 09:30 UTC] laruence@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fc16b923135bf1670f6791d3998aeb19edde1ca5
Log: Fix bug #46311: Pointer aliasing issue results in miscompile on gcc4.4
Last updated: Tue Apr 01 03:01:29 2025 UTC