Commit: d0e0a51c4c6f7fd318e97a200a990fbb54cf3852 Author: Ard Biesheuvel <ard.biesheu...@linaro.org> Tue, 5 Feb 2013 12:14:55 +0100 Parents: 72a728872b0827b83c48e16812d746585b72303a Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=d0e0a51c4c6f7fd318e97a200a990fbb54cf3852 Log: Add ARM optimized versions of safe_address() The function safe_address() uses inline assembler to detect overflow in size/offset calculations, as detecting this in plain C is a lot more work. Changed paths: M Zend/zend_alloc.c Diff: diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 1cc2c67..fea94de 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -2494,6 +2494,46 @@ static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) return res; } +#elif defined(__GNUC__) && defined(__arm__) + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + size_t res; + unsigned long overflow; + + __asm__ ("umull %0,%1,%2,%3\n\tadds %0,%4\n\tadc %1,%1" + : "=&r"(res), "=&r"(overflow) + : "r"(nmemb), + "r"(size), + "r"(offset)); + + if (UNEXPECTED(overflow)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return res; +} + +#elif defined(__GNUC__) && defined(__aarch64__) + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + size_t res; + unsigned long overflow; + + __asm__ ("mul %0,%2,%3\n\tumulh %1,%2,%3\n\tadds %0,%0,%4\n\tadc %1,%1,%1" + : "=&r"(res), "=&r"(overflow) + : "r"(nmemb), + "r"(size), + "r"(offset)); + + if (UNEXPECTED(overflow)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return res; +} + #elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64) static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php