php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #51003 unaligned memory access in ext/hash/hash_tiger.c
Submitted: 2010-02-10 21:03 UTC Modified: 2010-11-22 14:12 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: geissert at debian dot org Assigned: iliaa
Status: Closed Package: hash related
PHP Version: 5.3SVN-2010-02-12 OS: linux ia64
Private report: No CVE-ID:
 [2010-02-10 21:03 UTC] geissert at debian dot org
Description:
------------
There's an unaligned memory access on PHP_TIGERUpdate():

tiger_compress(context->passes, ((const php_hash_uint64 *) context->buffer), context->state);

Failed test ext/hash/tests/hash_file_basic1.phpt

Actual result:
--------------
*** Testing hash_file() : basic functionality ***
adler32: ff87222e
crc32: 61664d33
gost: d9e65f0c0c2ef944e4f8a01f4a46365c4f33a2853756878182a7f03e1490a4cd
haval128,3: 8bb81269aca8b7f87829020d76a4e841
md2: 70f791c0d8fa9edd7d08e32fcba8c354
md4: a9d034b16bb290c57a645afd6f14cd3b
md5: 704bf818448f5bbb94061332d2c889aa
ripemd128: d02a5f320a11c54c7d51f933b0bd8471
ripemd160: 3ff296ca6314313af3ed0437c8fc0ebbd3242d3b
ripemd256: 0edd779587c11cf32781111b264251eb37529832fb207121cd45dd95002e48a8
ripemd320: bf162fa2ff20491b3016c5d8190f8ee47d7dcda8c38eaf6779349a243a029d275eec9adf16ec1b35
sha1: 8529b266611e3bd0d208fd9614653c2a8f23d0fe
sha256: a0f5702fa5d3670b80033d668e8732b70550392abb53841355447f8bb0f72245
sha384: a35d875ed96d94b6452acad910f97978200faa2398d8a0e6b9cffa33704c3809e3d2e5b0d63700d8f32a0716e7d2d528
sha512: 1f42adaf938fbf136e381b164bae5f984c7f9fe60c82728bd889c14f187c7d63e81a0305a1731c7e0a8f3ed9fd2ec92a3833a93502bdf269532601f0b8e2bab0
snefru: d414b2345d3e7fa1a31c044cf334bfc1fec24d89e464411998d579d24663895f
Bus error (core dumped)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-05-20 12:24 UTC] mike@php.net
-Status: Open +Status: Feedback
 [2010-05-20 12:24 UTC] mike@php.net
Does this fix it for you?

Index: ext/hash/php_hash_tiger.h
===================================================================
--- ext/hash/php_hash_tiger.h	(revision 299276)
+++ ext/hash/php_hash_tiger.h	(working copy)
@@ -25,9 +25,9 @@
 typedef struct {
 	php_hash_uint64 state[3];
 	php_hash_uint64 passed;
+	unsigned char buffer[64];
 	unsigned char passes:1;
 	unsigned char length:7;
-	unsigned char buffer[64];
 } PHP_TIGER_CTX;
 
 PHP_HASH_API void PHP_3TIGERInit(PHP_TIGER_CTX *context);
 [2010-07-18 23:27 UTC] geissert@php.net
Sorry for responding until now, I've just tested the change and I can confirm 
that's enough to fix it.
 [2010-07-18 23:29 UTC] felipe@php.net
-Status: Feedback +Status: Assigned -Assigned To: +Assigned To: mike
 [2010-11-19 14:21 UTC] iliaa@php.net
-Assigned To: mike +Assigned To: iliaal
 [2010-11-20 01:53 UTC] felipe@php.net
-Assigned To: iliaal +Assigned To: iliaa
 [2010-11-22 14:10 UTC] iliaa@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=305649
Log: Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c)
 [2010-11-22 14:12 UTC] iliaa@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=305650
Log: Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c).
 [2010-11-22 14:12 UTC] iliaa@php.net
-Status: Assigned +Status: Closed
 [2010-11-22 14:12 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 07:02:14 2014 UTC