Edit report at http://bugs.php.net/bug.php?id=50987&edit=1

 ID:               50987
 Comment by:       geiss...@php.net
 Reported by:      geissert at debian dot org
 Summary:          unaligned memory access in phar.c
 Status:           Open
 Type:             Bug
 Package:          PHAR related
 Operating System: linux ia64
 PHP Version:      5.3.1

 New Comment:

Any reason for not applying the patch? cheers


Previous Comments:
------------------------------------------------------------------------
[2010-02-10 20:32:10] geissert at debian dot org

The phar one was found while building the extension itself (the call to
php in ext/phar/Makefile.frag to generate phar.php.)



There are probably more, but still have to process them. In the
meanwhile, here's another (found while unpacking pear):



@@ -512,7 +512,7 @@ void phar_entry_remove(phar_entry_data *

        (buffer) += 2

 #else

 # define PHAR_GET_32(buffer, var) \

-       var = *(php_uint32*)(buffer); \

+       memcpy(&var, buffer, sizeof(var)); \

        buffer += 4

 # define PHAR_GET_16(buffer, var) \

        var = *(php_uint16*)(buffer); \
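Review bot: In PHAR_GET_32, memcpy(&var, buffer, sizeof(var)) copies as many bytes as var is wide, while the following line always advances buffer by 4. If a caller passes a var that is not exactly 32 bits, the copy either reads past the field or leaves part of var unset. Copying through a php_uint32 temporary, or using sizeof(php_uint32) as the length, keeps the read size equal to the advance. The PHAR_GET_16 macro just below still does var = *(php_uint16*)(buffer); which is the same kind of unaligned dereference, so it should be converted in the same patch.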



As for CFLAGS: -O2 -Wall -fsigned-char -fno-strict-aliasing -g
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security



Should be easy for you to find them by running the test suite under
prctl --unaligned=signal (all the phar tests will fail.) That's how I
found them all (I can provide the name of the tests that failed in a
moment, I'm rebuilding with the patches I already provided.)

------------------------------------------------------------------------
[2010-02-10 20:05:21] paj...@php.net

hi,



Can you provide test cases for these crashes please? As well as your
settings (CFLAGS&co) as I can't see crashes on IA64 here (or other 64bit
platforms). Same applies for your other reports :)



Thanks for your feedback!

------------------------------------------------------------------------
[2010-02-10 07:27:23] geissert at debian dot org

Description:
------------
There's an unaligned memory access in ext/phar/phar.c's phar_set_32
function.



The following patch fixes it:



--- php.orig/ext/phar/phar.c

+++ php/ext/phar/phar.c

@@ -2491,7 +2491,7 @@ static inline void phar_set_32(char *buf

        *((buffer) + 1) = (unsigned char) (((var) >> 8) & 0xFF);

        *((buffer) + 0) = (unsigned char) ((var) & 0xFF);

 #else

-       *(php_uint32 *)(buffer) = (php_uint32)(var);

+       memcpy(buffer, &var, sizeof(var));

 #endif

 } /* }}} */
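Review bot: The removed line in the #else branch cast var to php_uint32 before storing, so it always wrote a 32-bit value, whereas memcpy(buffer, &var, sizeof(var)) writes whatever width var happens to have, and the parameter's type is not visible in this hunk. If var is wider than 32 bits the copy overruns the 32-bit field that phar_set_32 is meant to fill. Suggest assigning var to a php_uint32 local first and copying sizeof that local, which preserves the old truncating behaviour while avoiding the unaligned store.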





------------------------------------------------------------------------


