PHP :: Bug #80457 :: stream_get_contents() fails with maxlength=-1 or default

Bug #80457	stream_get_contents() fails with maxlength=-1 or default
Submitted:	2020-12-01 15:28 UTC	Modified:	2020-12-01 16:28 UTC
From:	bruno dot premont at restena dot lu	Assigned:
Status:	Closed	Package:	Filesystem function related
PHP Version:	7.3.25	OS:	Linux, x32
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bruno dot premont at restena dot lu
New email:
PHP Version:		OS:

New Comment:

[2020-12-01 15:28 UTC] bruno dot premont at restena dot lu

Description:
------------
The change introduced in commit 62dce97973436f1830b18304e7939a03b18d44ba (Require non-negative length in stream_get_contents()) causes stream_get_contents() to fail if no maxlength is provided and even if maxlength is explicitly provided as -1.


This also causes some stream tests to fail.


The cause of the failure is the mix of type conversions where parts are signed and parts are unsigned.

Under X32 zend_long is 64bit but size_t and ssize_t seem not to be.

Thus
  zend_long maxlength = (ssize_t)PHP_STREAM_COPY_ALL;
will store -1
but
  maxlength == PHP_STREAM_COPY_ALL
will compare a signed and a unsigned value causing trouble due to extending unsigned 32bit PHP_STREAM_COPY_ALL to a signed 64bit value.


Blindly converting between unsigned PHP_STREAM_COPY_ALL and signed zend_long is prone to trouble.


Other probably affected code:
  phar extension (passing zend_long to php_stream_copy_to_mem() which takes a size_t for maxlength after eventually having assigned PHP_STREAM_COPY_ALL to the zend_long.

Patches

php-streams-x32.patch (last revision 2020-12-01 15:28 UTC by bruno dot premont at restena dot lu)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-12-01 15:52 UTC] cmb@php.net

> Under X32 zend_long is 64bit […]

That shouldn't be the case.  What's the value of PHP_INT_SIZE on
that system?

That said, the patch looks good to me.  Care to provide a PR?

[2020-12-01 15:57 UTC] nikic@php.net

@cmb: Note that x32 != x86. x32 is a Linux ABI for ... x64.

[2020-12-01 16:28 UTC] bruno dot premont at restena dot lu

@cmb: If I had a public git repo I could offer a pull request, though I don't, thus the patch.

I didn't check if PHP-7.4.x or PHP-8 are affected too, but I guess they are.


Yes, X32 is a Linux ABI on x86_64.

What I was more surprised is about size_t and ssize_t being 32bit and not 64bit as plain x86_64 while off_t is 64bit.

[2020-12-02 10:30 UTC] nikic@php.net

Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6fcaf5da4368918936a875876e0639b7e6f3bd2
Log: Fixed bug #80457

[2020-12-02 10:30 UTC] nikic@php.net

-Status: Open +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 13:01:29 2024 UTC