Bug #79172 STRUCT_OFFSET() relies on undefined behavior
Submitted: 2020-01-27 14:39 UTC Modified: 2020-01-28 08:20 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: MySQLi related
PHP Version: 7.2.27 OS: *
Private report: No CVE-ID: None

 [2020-01-27 14:39 UTC] cmb@php.net
Description:
------------
The STRUCT_OFFSET() macro[1] evaluates to an expression which
relies on undefined behavior (null pointer dereferencing).  I'm
not sure if that qualifies as security issue, but it is certainly
a bug.

[1] <https://github.com/php/php-src/blob/php-7.2.27/ext/mysqlnd/mysqlnd_portability.h#L18>



Test script:
---------------
mysqli_connect($host, $user, $password, $database);



 [2020-01-27 14:39 UTC] cmb@php.net
Suggested patch:

 ext/mysqlnd/mysqlnd_portability.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/mysqlnd/mysqlnd_portability.h b/ext/mysqlnd/mysqlnd_portability.h
index 873f49b0cd..2064906193 100644
--- a/ext/mysqlnd/mysqlnd_portability.h
+++ b/ext/mysqlnd/mysqlnd_portability.h
@@ -15,7 +15,7 @@ This file is public domain and comes with NO WARRANTY of any kind */
 
 
 /* Comes from global.h as OFFSET, renamed to STRUCT_OFFSET */
-#define STRUCT_OFFSET(t, f)   ((size_t)(char *)&((t *)0)->f)
+#define STRUCT_OFFSET(t, f)   XtOffsetOf(t, f)
 
 #ifndef __attribute
 #if !defined(__GNUC__)
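
Review bot: The new definition on the `+#define STRUCT_OFFSET(t, f)   XtOffsetOf(t, f)` line makes this header depend on XtOffsetOf being defined by the time STRUCT_OFFSET is expanded, yet the diffstat shows a single changed line and no include is added. Please confirm that every file including mysqlnd_portability.h pulls in the header that defines XtOffsetOf first, or add that include here explicitly. The comment above the macro ("Comes from global.h as OFFSET, renamed to STRUCT_OFFSET") could also mention that the macro now forwards to XtOffsetOf, so readers do not go looking for the original null-pointer expression.
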
 [2020-01-27 16:01 UTC] nikic@php.net
-Type: Security +Type: Bug
 [2020-01-27 16:01 UTC] nikic@php.net
Not a security issue, this is a pattern understood by compilers. Of course it should use XtOffsetOf at least on 7.4.
 [2020-01-28 08:20 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=412b476b7fb386c6aa04efb936881f5b2250ded9
Log: Fix #79172: STRUCT_OFFSET() relies on undefined behavior
 [2020-01-28 08:20 UTC] cmb@php.net
-Status: Open +Status: Closed
 [2020-01-28 08:20 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 