PHP :: Bug #81233 :: gcc catches number of memory issues by -Werror

Bug #81233	gcc catches number of memory issues by -Werror
Submitted:	2021-07-08 01:24 UTC	Modified:	2021-07-19 08:02 UTC
From:	yohgaki at ohgaki dot net	Assigned:
Status:	Open	Package:	Compile Failure
PHP Version:	Irrelevant	OS:	Fedora 34
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	yohgaki at ohgaki dot net
New email:
PHP Version:		OS:

New Comment:

[2021-07-08 01:24 UTC] yohgaki at ohgaki dot net

Description:
------------
Newer gcc catches memory issues during compile time and raise warnings. Since 7.4, -Werror compile flag that makes warning to error, PHP cannot be compiled. Therefore, Fedora 34 cannot compile PHP from 7.4 to master.

$ uname -a
Linux dev 5.12.13-300.fc34.x86_64 #1 SMP Wed Jun 23 16:18:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ gcc --version
gcc (GCC) 11.1.1 20210531 (Red Hat 11.1.1-3)



There are number of issues catched by gcc. Followings are examples.

hash_gost has wrong prototype or wrong definition for 1st param. Clearly a bug.
------------------
/home/yohgaki/git/oss/php.net/PHP-7.4/ext/hash/hash_gost.c:286:47: error: argument 1 of type 'unsigned char[32]' with mismatched bound [-Werror=array-parameter=]
  286 | PHP_HASH_API void PHP_GOSTFinal(unsigned char digest[32], PHP_GOST_CTX *context)
      |                                 ~~~~~~~~~~~~~~^~~~~~~~~~
In file included from /home/yohgaki/git/oss/php.net/PHP-7.4/ext/hash/hash_gost.c:21:
/home/yohgaki/git/oss/php.net/PHP-7.4/ext/hash/php_hash_gost.h:35:33: note: previously declared as 'unsigned char[64]'
   35 | PHP_HASH_API void PHP_GOSTFinal(unsigned char[64], PHP_GOST_CTX *);
      |                                 ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make: *** [Makefile:1119: ext/hash/hash_gost.lo] Error 1
make: *** Waiting for unfinished jobs....
----------------------


It seems this strncpy does not consider null char.
----------------------
/home/yohgaki/git/oss/php.net/PHP-master/ext/pdo/pdo_dbh.c:85:9: error: 'strncpy' specified bound 6 equals destination size [-Werror=stringop-truncation]
   85 |         strncpy(*pdo_err, sqlstate, 6);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
----------------------


This may be false-positive, but out of bound access possibly. It doesn't compile with -Werror anyway.
----------------------
/home/yohgaki/git/oss/php.net/PHP-master/ext/opcache/jit/dynasm/dasm_x86.h:127:19: error: array subscript -10 is outside array bounds of 'void *[36]' [-Werror=array-bounds]
  127 |   D->globals = gl - 10;  /* Negative bias to compensate for locals. */
      |                ~~~^~~~
In file included from /home/yohgaki/git/oss/php.net/PHP-master/ext/opcache/jit/zend_jit.c:729:
/home/yohgaki/git/oss/php.net/PHP-master/ext/opcache/jit/zend_jit_x86.dasc:143:14: note: while referencing 'dasm_labels'
  143 | static void* dasm_labels[zend_lb_MAX];
      |              ^~~~~~~~~~~
cc1: all warnings being treated as errors
----------------------

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-07-08 10:46 UTC] cmb@php.net

> hash_gost has wrong prototype or wrong definition for 1st param.
> Clearly a bug.

Well, it might hint at a bug, but isn't a bug per se, since array
parameters are degraded to pointers anway.  This has been fixed a
while ago in master[1], since apparently there is no actual bug.

> It seems this strncpy does not consider null char.

Certainly not clean (should probably be a memcpy()), but doesn't
look like a real bug.

> This may be false-positive, but out of bound access possibly.

That would be something Dmitry should have a look at.

[1] <https://github.com/php/php-src/commit/e0e3d9851ae517429d1bfc7eb2df9df917406d2c>

[2021-07-08 22:19 UTC] yohgaki@php.net

Compile errors are examples. I didn't try to find all of them and there may be real memory issues. It would be nice to use newer gcc for CI if it is possible.

[2021-07-12 08:29 UTC] nikic@php.net

-Type: Security +Type: Bug

[2021-07-19 08:02 UTC] dmitry@php.net

The array bounds warning in JIT is definitely a false positive.

I won't like to fix this in any way, because the warnings occurs in DynAsm header, borrowed from LuaJIT project.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Nov 23 11:01:28 2024 UTC