php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80457 stream_get_contents() fails with maxlength=-1 or default
Submitted: 2020-12-01 15:28 UTC Modified: 2020-12-01 16:28 UTC
From: bruno dot premont at restena dot lu Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 7.3.25 OS: Linux, x32
Private report: No CVE-ID: None
 [2020-12-01 15:28 UTC] bruno dot premont at restena dot lu
Description:
------------
The change introduced in commit 62dce97973436f1830b18304e7939a03b18d44ba (Require non-negative length in stream_get_contents()) causes stream_get_contents() to fail if no maxlength is provided and even if maxlength is explicitly provided as -1.


This also causes some stream tests to fail.


The cause of the failure is the mix of type conversions where parts are signed and parts are unsigned.

Under X32 zend_long is 64bit but size_t and ssize_t seem not to be.

Thus
  zend_long maxlength = (ssize_t)PHP_STREAM_COPY_ALL;
will store -1
but
  maxlength == PHP_STREAM_COPY_ALL
will compare a signed and a unsigned value causing trouble due to extending unsigned 32bit PHP_STREAM_COPY_ALL to a signed 64bit value.


Blindly converting between unsigned PHP_STREAM_COPY_ALL and signed zend_long is prone to trouble.


Other probably affected code:
  phar extension (passing zend_long to php_stream_copy_to_mem() which takes a size_t for maxlength after eventually having assigned PHP_STREAM_COPY_ALL to the zend_long.



Patches

php-streams-x32.patch (last revision 2020-12-01 15:28 UTC by bruno dot premont at restena dot lu)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-12-01 15:52 UTC] cmb@php.net
> Under X32 zend_long is 64bit […]

That shouldn't be the case.  What's the value of PHP_INT_SIZE on
that system?

That said, the patch looks good to me.  Care to provide a PR?
 [2020-12-01 15:57 UTC] nikic@php.net
@cmb: Note that x32 != x86. x32 is a Linux ABI for ... x64.
 [2020-12-01 16:28 UTC] bruno dot premont at restena dot lu
@cmb: If I had a public git repo I could offer a pull request, though I don't, thus the patch.

I didn't check if PHP-7.4.x or PHP-8 are affected too, but I guess they are.


Yes, X32 is a Linux ABI on x86_64.

What I was more surprised is about size_t and ssize_t being 32bit and not 64bit as plain x86_64 while off_t is 64bit.
 [2020-12-02 10:30 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6fcaf5da4368918936a875876e0639b7e6f3bd2
Log: Fixed bug #80457
 [2020-12-02 10:30 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 13:01:29 2024 UTC