Newsgroups: php.internals
From: anatol.php@belski.net ("Anatol Belski")
To: "'Sherif Ramadan'"
Cc: "'Dmitry Stogov'", "'Xinchen Hui'", "'Nikita Popov'", "'Pierre Joye'", "'Bob Weinand'", "'Jakub Zelenka'", "'Matt Wilmas'", "'PHP Internals'"
Date: Fri, 21 Aug 2015 11:37:30 +0200
Subject: RE: [PHP-DEV] Overflow checks and integral vars comparison

Hi Sherif,

> -----Original Message-----
> From: Sherif Ramadan [mailto:theanomaly.is@gmail.com]
> Sent: Friday, August 21, 2015 11:21 AM
> To: Anatol Belski
> Cc: Dmitry Stogov; Xinchen Hui; Nikita Popov; Pierre Joye;
> Bob Weinand; Jakub Zelenka; Matt Wilmas; PHP Internals
> Subject: Re: [PHP-DEV] Overflow checks and integral vars comparison
>
> Maybe I'm missing something here, but how do these macros detect overflow
> exactly? If the check is done on the actual result and not the operands then it's
> not a good overflow check. Additionally, why wouldn't overflow checks be
> needed on 32-bit architecture, or any other architecture for that matter?
> Integers can overflow there too.
>

Example code in simplexml_load_string()

    if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|C!lsb", &data, &data_len, &ce, &options, &ns, &ns_len, &isprefix) == FAILURE) {
        return;
    }

    if (ZEND_LONG_INT_OVFL(options)) {
        RETURN_FALSE;
    }
    if (ZEND_SIZE_T_INT_OVFL(data_len)) {
        RETURN_FALSE;
    }

    docp = xmlReadMemory(data, data_len, NULL, NULL, options);

- on x86_64 - possible int overflow without check
- on ILP64 or i386 alike - no int overflow per se, so can be omitted

Regards

Anatol

> On Fri, Aug 21, 2015 at 4:41 AM, Anatol Belski wrote:
>
> > Hi,
> >
> > Resending this as missed internals at the start.
> >
> > I was lately rethinking some part of the 64-bit RFC, and also seeing
> > now Jakub's work on catching overflows in ext/openssl and Matt
> > Williams suggestions on it (which was going a bit more global over it).
> > So I came up with these macros with two goals
> >
> > - standardize the overflow checks
> > - do actual checks only on architectures where it's needed
> > - simplify the checks where external libs (openssl, libxml, etc.) use
> >   firm datatypes like int
> >
> > #if SIZEOF_INT == SIZEOF_ZEND_LONG
> > # define ZEND_LONG_INT_OVFL(zl) (0)
> > # define ZEND_LONG_INT_UDFL(zl) (0)
> > #else
> > # define ZEND_LONG_INT_OVFL(zlong) ((zlong) > (zend_long)INT_MAX)
> > # define ZEND_LONG_INT_UDFL(zlong) ((zlong) < (zend_long)INT_MIN)
> > #endif
> >
> > #define ZEND_SIZE_T_INT_OVFL(size) ((size) > (size_t)INT_MAX)
> >
> > So having it like
> >
> > if (ZEND_LONG_INT_OVFL(x)) {
> >     return;
> > }
> >
> > Compiler would eliminate the branch automatically on 32-bit and ILP64.
> >
> > Some other macros to do signed/unsigned comparison, these can be extended.
> >
> > #define ZEND_SIZE_T_GT_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) > (size_t)(zlong))
> > #define ZEND_SIZE_T_GTE_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) >= (size_t)(zlong))
> > #define ZEND_SIZE_T_LT_ZEND_LONG(size, zlong) ((zlong) >= 0 && (size) < (size_t)(zlong))
> > #define ZEND_SIZE_T_LTE_ZEND_LONG(size, zlong) ((zlong) >= 0 && (size) <= (size_t)(zlong))
> >
> > IMHO these and maybe more are missing after the 64-bit RFC. Do you
> > think they would make sense? Or would make sense now, or later in master?
> >
> > Thanks
> >
> > Anatol
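
Added example, not part of the original message or of PHP's source: the operand range checks discussed in the thread, applied before narrowing to int, next to what an unchecked call would pass on, plus the sign-aware size_t/zend_long comparison. Assumptions: an LP64 platform, zend_long modelled as int64_t, and lib_read() as a hypothetical stand-in for an int-taking library function such as xmlReadMemory().

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int64_t zend_long; /* assumption: 64-bit zend_long */

/* Macros from the message; the SIZEOF_* test is swapped for a <limits.h> check. */
#if INT_MAX == INT64_MAX
# define ZEND_LONG_INT_OVFL(zl) (0)
# define ZEND_LONG_INT_UDFL(zl) (0)
#else
# define ZEND_LONG_INT_OVFL(zlong) ((zlong) > (zend_long)INT_MAX)
# define ZEND_LONG_INT_UDFL(zlong) ((zlong) < (zend_long)INT_MIN)
#endif
#define ZEND_SIZE_T_INT_OVFL(size) ((size) > (size_t)INT_MAX)
#define ZEND_SIZE_T_GT_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) > (size_t)(zlong))

/* Hypothetical int-taking library call; reports the size it was given. */
static int lib_read(const char *buf, int size, int options)
{
    (void)buf; (void)options;
    return size;
}

/* Narrow only after both arguments are proven to fit in int; -1 on rejection. */
int checked_read(const char *buf, size_t len, zend_long options)
{
    if (ZEND_LONG_INT_OVFL(options) || ZEND_LONG_INT_UDFL(options)) return -1;
    if (ZEND_SIZE_T_INT_OVFL(len)) return -1;
    return lib_read(buf, (int)len, (int)options);
}

/* Size an unchecked call would hand over: only the low 32 bits of len survive. */
int unchecked_size(size_t len) { return (int)(uint32_t)len; }

/* Plain cast turns a negative zend_long into a huge size_t; the macro tests the sign first. */
int naive_gt(size_t size, zend_long zlong) { return size > (size_t)zlong; }
int safe_gt(size_t size, zend_long zlong) { return ZEND_SIZE_T_GT_ZEND_LONG(size, zlong); }

int main(void)
{
    size_t big = ((size_t)1 << 32) + 16; /* constructed: 4 GiB + 16 bytes */
    printf("unchecked size seen by library: %d\n", unchecked_size(big));
    printf("checked_read: %d\n", checked_read("", big, 0));
    printf("10 > -1  naive=%d safe=%d\n", naive_gt(10, -1), safe_gt(10, -1));
    return 0;
}
```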