Newsgroups: php.internals
To: 'Sherif Ramadan'
Cc: 'Dmitry Stogov', 'Xinchen Hui', 'Nikita Popov', 'Pierre Joye', 'Bob Weinand', 'Jakub Zelenka', 'Matt Wilmas', 'PHP Internals'
Date: Fri, 21 Aug 2015 11:40:08 +0200
Message-ID: <02b001d0dbf5$607ab7b0$21702710$@belski.net>
Subject: RE: [PHP-DEV] Overflow checks and integral vars comparison
From: anatol.php@belski.net ("Anatol Belski")

> -----Original Message-----
> From: Anatol Belski [mailto:anatol.php@belski.net]
> Sent: Friday, August 21, 2015 11:38 AM
> To: 'Sherif Ramadan'
> Cc: 'Dmitry Stogov'; 'Xinchen Hui'; 'Nikita Popov'; 'Pierre Joye';
> 'Bob Weinand'; 'Jakub Zelenka'; 'Matt Wilmas'; 'PHP Internals'
> Subject: RE: [PHP-DEV] Overflow checks and integral vars comparison
>
> Hi Sherif,
>
> > -----Original Message-----
> > From: Sherif Ramadan [mailto:theanomaly.is@gmail.com]
> > Sent: Friday, August 21, 2015 11:21 AM
> > To: Anatol Belski
> > Cc: Dmitry Stogov; Xinchen Hui; Nikita Popov; Pierre Joye; Bob Weinand;
> > Jakub Zelenka; Matt Wilmas; PHP Internals
> > Subject: Re: [PHP-DEV] Overflow checks and integral vars comparison
> >
> > Maybe I'm missing something here, but how do these macros detect
> > overflow exactly? If the check is done on the actual result and not
> > the operands then it's not a good overflow check. Additionally, why
> > wouldn't overflow checks be needed on 32-bit architecture, or any other
> > architecture for that matter? Integers can overflow there too.
> >
>
> Example code in simplexml_load_string()
>
> if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|C!lsb", &data, &data_len,
>         &ce, &options, &ns, &ns_len, &isprefix) == FAILURE) {
>     return;
> }
>
> if (ZEND_LONG_INT_OVFL(options)) {
>     RETURN_FALSE;
> }
> if (ZEND_SIZE_T_INT_OVFL(data_len)) {
>     RETURN_FALSE;
> }
>
> docp = xmlReadMemory(data, data_len, NULL, NULL, options);
>
>
> - on x86_64 - possible int overflow without check
> - on ILP64 or i386 alike - no int overflow per se, so can be omitted
>

No int overflow with zend_long I wanted to say, so it's "if (0)" which is
eliminated, but with size_t an overflow is still possible.

> > On Fri, Aug 21, 2015 at 4:41 AM, Anatol Belski wrote:
> >
> > > Hi,
> > >
> > > Resending this as missed internals at the start.
> > >
> > > I was lately rethinking some part of the 64-bit RFC, and also seeing
> > > now Jakub's work on catching overflows in ext/openssl and Matt
> > > Williams suggestions on it (which was going a bit more global over
> > > it). So I came up with these macros with two goals
> > >
> > > - standardize the overflow checks
> > > - do actual checks only on architectures where it's needed
> > > - simplify the checks where external libs (openssl, libxml, etc.)
> > >   use firm datatypes like int
> > >
> > > #if SIZEOF_INT == SIZEOF_ZEND_LONG
> > > # define ZEND_LONG_INT_OVFL(zl) (0)
> > > # define ZEND_LONG_INT_UDFL(zl) (0)
> > > #else
> > > # define ZEND_LONG_INT_OVFL(zlong) ((zlong) > (zend_long)INT_MAX)
> > > # define ZEND_LONG_INT_UDFL(zlong) ((zlong) < (zend_long)INT_MIN)
> > > #endif
> > >
> > > #define ZEND_SIZE_T_INT_OVFL(size) ((size) > (size_t)INT_MAX)
> > >
> > > So having it like
> > >
> > > if (ZEND_LONG_INT_OVFL(x)) {
> > >     return;
> > > }
> > >
> > > Compiler would eliminate the branch automatically on 32-bit and ILP64.
> > >
> > > Some other macros to do signed/unsigned comparison, these can be
> > > extended.
> > >
> > > #define ZEND_SIZE_T_GT_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) > (size_t)(zlong))
> > > #define ZEND_SIZE_T_GTE_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) >= (size_t)(zlong))
> > > #define ZEND_SIZE_T_LT_ZEND_LONG(size, zlong) ((zlong) >= 0 && (size) < (size_t)(zlong))
> > > #define ZEND_SIZE_T_LTE_ZEND_LONG(size, zlong) ((zlong) >= 0 && (size) <= (size_t)(zlong))
> > >
> > > IMHO these and maybe more are missing after the 64-bit RFC. Do you
> > > think they would make sense? Or would make sense now, or later in master?
> > >
> > > Thanks
> > >
> > > Anatol
> > >
> > >
> > > --
> > > PHP Internals - PHP Runtime Development Mailing List
> > > To unsubscribe, visit: http://www.php.net/unsub.php
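
Added example, not part of the original message or of php-src: a stand-alone C program showing what the proposed range checks prevent when a 64-bit value is narrowed to an int library parameter, and why the size_t/zend_long comparison macros test the sign first. The DEMO_* macros mirror the macros in the thread; demo_long (a 64-bit stand-in for zend_long), lib_read() and the other function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int64_t demo_long; /* assumption: stand-in for a 64-bit zend_long */

/* Same shape as the macros proposed in the thread, renamed DEMO_*. */
#define DEMO_LONG_INT_OVFL(zl)     ((zl) > (demo_long)INT_MAX)
#define DEMO_LONG_INT_UDFL(zl)     ((zl) < (demo_long)INT_MIN)
#define DEMO_SIZE_T_INT_OVFL(s)    ((s) > (size_t)INT_MAX)
#define DEMO_SIZE_T_GT_LONG(s, zl) ((zl) < 0 || (s) > (size_t)(zl))

/* Hypothetical library call with int parameters, like xmlReadMemory(). */
static int lib_read(const char *buf, int size, int options)
{
    (void)buf; (void)options;
    return size; /* the length the library believes it was given */
}

/* Range-check first, narrow second. Returns -1 when a value does not fit. */
int guarded_read(const char *buf, size_t len, demo_long options)
{
    if (DEMO_LONG_INT_OVFL(options) || DEMO_LONG_INT_UDFL(options)) return -1;
    if (DEMO_SIZE_T_INT_OVFL(len)) return -1;
    return lib_read(buf, (int)len, (int)options);
}

/* Length the library would see without the check: high bits are dropped. */
int unchecked_len(size_t len) { return lib_read(NULL, (int)(unsigned int)len, 0); }

/* Plain cast comparison: a negative zl turns into a huge size_t. */
int naive_size_gt(size_t s, demo_long zl) { return s > (size_t)zl; }

/* Sign-aware comparison: every size is greater than a negative value. */
int safe_size_gt(size_t s, demo_long zl) { return DEMO_SIZE_T_GT_LONG(s, zl); }

int main(void)
{
    size_t big = (size_t)UINT_MAX + 17; /* constructed: 4 GiB + 16 on LP64 */
    printf("unchecked=%d guarded=%d\n", unchecked_len(big),
           guarded_read("x", big, 0));
    printf("naive=%d safe=%d\n", naive_size_gt(10, -1), safe_size_gt(10, -1));
    return 0;
}
```

On an LP64 build the unchecked path reports a 16-byte buffer for a 4 GiB + 16 input, which is the silent truncation the ZEND_SIZE_T_INT_OVFL check rejects.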