Skip to content

Fix #79015: undefined-behavior in php_date.c#5031

Closed
cmb69 wants to merge 2 commits intophp:PHP-7.3from
cmb69:cmb/fix-79015
Closed

Fix #79015: undefined-behavior in php_date.c#5031
cmb69 wants to merge 2 commits intophp:PHP-7.3from
cmb69:cmb/fix-79015

Conversation

@cmb69
Copy link
Member

@cmb69 cmb69 commented Dec 23, 2019

We check that the given microsecond fraction is in the valid range
[0, 1000000[, and otherwise mark it as invalid. We also drop the
useless do loop; a plain block is sufficient here.

@cmb69
Fix #79015: undefined-behavior in php_date.c
afc5307 
We check that the given microsecond fraction is in the valid range
[0, 1000000[, and otherwise mark it as invalid.  We also drop the
useless do loop; a plain block is sufficient here.
@cmb69 cmb69 requested a review from derickr December 23, 2019 13:05
nikic
nikic reviewed Dec 23, 2019
View reviewed changes
nikic
nikic reviewed Dec 27, 2019
View reviewed changes
ext/date/php_date.c
do {
{
zval *z_arg = zend_hash_str_find(myht, "f", sizeof("f") - 1);
(*intobj)->diff->us = -1000000;
Copy link
Member

@nikic nikic Dec 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you pick this value? I see some other code in this file using -99999. @derickr What's the correct value for an unset us?

Copy link
Member

@nikic nikic Dec 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, it's clear how you picked it: Used in the existing code two lines below... Still, I'm not sure this is the right value, as TIMELIB_UNSET is -99999.

Copy link
Member Author

@cmb69 cmb69 Dec 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, now I'm confused, since the other properties seem to use -1 as unset default? @derickr, please clarify. Thanks.

Copy link
Member

@derickr derickr Dec 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to look into this when I return from Christmas holiday. Ping me the first week of Jan if I haven't replied yet

Copy link
Member

@nikic nikic Jan 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ping ;)

Copy link
Member

@derickr derickr Jan 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-1000000 is correct, as in these lines:

4220         if (strcmp(Z_STRVAL_P(member), "f") == 0) {
4221             fvalue = obj->diff->us / 1000000.0;
4222             break;
4223         }

and

4238     if (fvalue != -1) {
4239         ZVAL_DOUBLE(retval, fvalue);

The fvalue ends up being -1 during the division, which would result in FALSE being returned.

@cmb69 cmb69 added the Bug label Dec 27, 2019
@cmb69
Copy link
Member Author

cmb69 commented Jan 3, 2020

Thanks! Applied as b48f262.

@cmb69 cmb69 closed this Jan 3, 2020
@cmb69 cmb69 deleted the cmb/fix-79015 branch January 3, 2020 13:34
@cmb69 cmb69 mentioned this pull request Oct 12, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikic nikic nikic left review comments

@derickr derickr derickr approved these changes

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cmb69 @derickr @nikic