php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79172 STRUCT_OFFSET() relies on undefined behavior
Submitted: 2020-01-27 14:39 UTC Modified: 2020-01-28 08:20 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: MySQLi related
PHP Version: 7.2.27 OS: *
Private report: No CVE-ID: None
View Developer Edit
 [2020-01-27 14:39 UTC] cmb@php.net 
Description:
------------
The STRUCT_OFFSET() macro[1] evaluates to an expression which
relies on undefined behavior (null pointer dereferencing).  I'm
not sure if that qualifies as security issue, but it is certainly
a bug.

<https://github.com/php/php-src/blob/php-7.2.27/ext/mysqlnd/mysqlnd_portability.h#L18>



Test script:
---------------
mysqli_connect($host, $user, $password, $database);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-01-27 14:39 UTC] cmb@php.net 
Suggested patch:

 ext/mysqlnd/mysqlnd_portability.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/mysqlnd/mysqlnd_portability.h b/ext/mysqlnd/mysqlnd_portability.h
index 873f49b0cd..2064906193 100644
--- a/ext/mysqlnd/mysqlnd_portability.h
+++ b/ext/mysqlnd/mysqlnd_portability.h
@@ -15,7 +15,7 @@ This file is public domain and comes with NO WARRANTY of any kind */
 
 
 /* Comes from global.h as OFFSET, renamed to STRUCT_OFFSET */
-#define STRUCT_OFFSET(t, f)   ((size_t)(char *)&((t *)0)->f)
+#define STRUCT_OFFSET(t, f)   XtOffsetOf(t, f)
 
 #ifndef __attribute
 #if !defined(__GNUC__)
 [2020-01-27 16:01 UTC] nikic@php.net
-Type: Security +Type: Bug
 [2020-01-27 16:01 UTC] nikic@php.net 
Not a security issue, this is a pattern understood by compilers. Of course it should use XtOffsetOf at least on 7.4.
 [2020-01-28 08:20 UTC] cmb@php.net 
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=412b476b7fb386c6aa04efb936881f5b2250ded9
Log: Fix #79172: STRUCT_OFFSET() relies on undefined behavior
 [2020-01-28 08:20 UTC] cmb@php.net
-Status: Open +Status: Closed
 [2020-01-28 08:20 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 03:01:30 2025 UTC