
Commit 08193b7

committed
1 parent 98b84ab commit 08193b7

29 files changed

+3326
-43
lines changed

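--- a/hphp/runtime/base/mem-file.cpp
+++ b/hphp/runtime/base/mem-file.cpp
@@ -109,13 +109,15 @@ bool MemFile::closeImpl() {
 int64_t MemFile::readImpl(char *buffer, int64_t length) {
 assertx(m_len != -1);
 assertx(length > 0);
+assertx(m_cursor >= 0);
 int64_t remaining = m_len - m_cursor;
 if (remaining < length) length = remaining;
 if (length > 0) {
 memcpy(buffer, (const void *)(m_data + m_cursor), length);
+m_cursor += length;
+return length;
 }
-m_cursor += length;
-return length;
+return 0;
 }
 
 int MemFile::getc() {
@@ -126,7 +128,7 @@ int MemFile::getc() {
 bool MemFile::seek(int64_t offset, int whence /* = SEEK_SET */) {
 assertx(m_len != -1);
 if (whence == SEEK_CUR) {
-if (offset > 0 && offset < bufferedLen()) {
+if (offset >= 0 && offset < bufferedLen()) {
 setReadPosition(getReadPosition() + offset);
 setPosition(getPosition() + offset);
 return true;
@@ -139,10 +141,13 @@ bool MemFile::seek(int64_t offset, int whence /* = SEEK_SET */) {
 setWritePosition(0);
 setReadPosition(0);
 if (whence == SEEK_SET) {
+if (offset < 0) return false;
 m_cursor = offset;
-} else {
-assertx(whence == SEEK_END);
+} else if (whence == SEEK_END) {
+if (m_len + offset < 0) return false;
 m_cursor = m_len + offset;
+} else {
+return false;
 }
 setPosition(m_cursor);
 return true;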
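Review bot: The SEEK_END guard `if (m_len + offset < 0) return false;` tests the sum only after computing it, so if m_len and offset are both int64_t (m_len's declaration is outside the hunk) a large positive offset can overflow the signed addition there and again in `m_cursor = m_len + offset;`. Writing the lower bound as `if (offset < -m_len) return false;` and also rejecting offsets above `std::numeric_limits<int64_t>::max() - m_len` would keep both lines well defined. Neither branch caps m_cursor at m_len; readImpl tolerates that because a negative `remaining` now falls through to `return 0;`, which deserves a one-line comment beside `m_cursor = offset;`. The new `assertx(m_cursor >= 0)` is presumably a debug-only check, so these tests in seek are the only guard a release build has. seek's body starts and ends outside the hunks.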

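--- a/hphp/runtime/base/preg.cpp
+++ b/hphp/runtime/base/preg.cpp
@@ -1925,6 +1925,9 @@ String preg_quote(const String& str,
 
 /* Allocate enough memory so that even if each character
 is quoted, we won't run out of room */
+static_assert(
+(StringData::MaxSize * 4 + 1) < std::numeric_limits<int64_t>::max()
+);
 String ret(4 * str.size() + 1, ReserveString);
 char* out_str = ret.mutableData();
 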
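Review bot: The added static_assert does its arithmetic in the type of `StringData::MaxSize`, which is not visible in this hunk; if that constant is 32 bits wide, `MaxSize * 4 + 1` wraps (or fails to compile) before it is compared with the int64_t limit, and the assertion then says nothing about `4 * str.size() + 1`. Casting first makes the intent explicit: `static_assert(static_cast<int64_t>(StringData::MaxSize) * 4 + 1 < std::numeric_limits<int64_t>::max());`. The assertion also does not show that the reserved size fits whatever parameter type `String(size, ReserveString)` takes, so a comment naming that limit would help. preg_quote's body continues outside the hunk.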

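--- a/hphp/runtime/base/string-data-inl.h
+++ b/hphp/runtime/base/string-data-inl.h
@@ -66,7 +66,7 @@ inline void StringData::invalidateHash() {
 assertx(checkSane());
 }
 
-inline void StringData::setSize(int len) {
+inline void StringData::setSize(int64_t len) {
 assertx(!isImmutable() && !hasMultipleRefs());
 assertx(len >= 0 && len <= capacity());
 mutableData()[len] = 0;
@@ -94,7 +94,7 @@ inline char* StringData::mutableData() const {
 return const_cast<char*>(data());
 }
 
-inline int StringData::size() const { return m_len; }
+inline int64_t StringData::size() const { return m_len; }
 inline bool StringData::empty() const { return size() == 0; }
 inline uint32_t StringData::capacity() const {
 assertx(isRefCounted());
@@ -255,4 +255,3 @@ struct string_data_lti {
 //////////////////////////////////////////////////////////////////////
 
 }
-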
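Review bot: `setSize(int64_t len)` now accepts values a 32-bit field cannot hold, and the only bound on `len` before `mutableData()[len] = 0;` is the `assertx` on the line above, which is presumably absent from release builds. The store into the length field is outside the hunk; if `m_len` is still 32 bits wide (capacity() returns uint32_t), that assignment narrows implicitly, so an explicit `static_cast` placed after the range check would document that the narrowing is intended. setSize's body continues outside the hunk.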

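--- a/hphp/runtime/base/string-data.h
+++ b/hphp/runtime/base/string-data.h
@@ -294,7 +294,7 @@ struct StringData final : MaybeCountable,
 * Pre: !hasMultipleRefs()
 */
 void invalidateHash();
-void setSize(int len);
+void setSize(int64_t len);
 
 /*
 * StringData should not generally be allocated on the stack,
@@ -327,10 +327,9 @@ struct StringData final : MaybeCountable,
 /*
 * Accessor for the length of a string.
 *
-* Note: size() returns a signed int for historical reasons. It is
-* guaranteed to be in the range (0 <= size() <= MaxSize)
+* Note: size() is guaranteed to be >= 0 and <= MaxSize.
 */
-int size() const;
+int64_t size() const;
 
 /*
 * Returns: size() == 0
@@ -700,4 +699,3 @@ template<> class FormatValue<HPHP::StringData*> {
 }
 
 #include "hphp/runtime/base/string-data-inl.h"
-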
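Review bot: The rewritten comment on size() drops the old explanation of the return type without replacing it, and the new type is wider than the stated range requires. If the reason is the one the preg.cpp change in this commit suggests, the comment could say so, for example `* Returned as int64_t so that caller arithmetic on sizes (e.g. 4 * size() + 1) is done in 64 bits.` The declaration sits inside struct StringData, which starts and ends outside the hunk.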

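--- a/hphp/runtime/base/type-string.h
+++ b/hphp/runtime/base/type-string.h
@@ -195,7 +195,7 @@ struct String {
 }
 
 public:
-const String& setSize(int len) {
+const String& setSize(int64_t len) {
 assertx(m_str);
 m_str->setSize(len);
 return *this;
@@ -224,10 +224,10 @@ struct String {
 bool empty() const {
 return m_str ? m_str->empty() : true;
 }
-int size() const {
+int64_t size() const {
 return m_str ? m_str->size() : 0;
 }
-int length() const {
+int64_t length() const {
 return m_str ? m_str->size() : 0;
 }
 uint32_t capacity() const {
@@ -591,4 +591,3 @@ template<> class FormatValue<HPHP::StaticString> {
 const HPHP::StaticString& m_val;
 };
 }
-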

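--- a/hphp/runtime/ext/gd/ext_gd.cpp
+++ b/hphp/runtime/ext/gd/ext_gd.cpp
@@ -7656,6 +7656,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo) {
 if (c == 0xFF)
 return 0;
 marker = c;
+if (ImageInfo->Thumbnail.size - 2 < pos) return 0;
 length = php_jpg_get16(data+pos);
 if (length > ImageInfo->Thumbnail.size || pos >= ImageInfo->Thumbnail.size - length) {
 return 0;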
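Review bot: The new bound `if (ImageInfo->Thumbnail.size - 2 < pos) return 0;` subtracts before comparing, so if `Thumbnail.size` is an unsigned type (its declaration is outside the hunk) a thumbnail shorter than two bytes makes the left side wrap to a very large value and the check passes, leaving `php_jpg_get16(data+pos)` to read past the buffer. Keeping the subtraction on the side that cannot go below zero avoids that: `if (pos > ImageInfo->Thumbnail.size || ImageInfo->Thumbnail.size - pos < 2) return 0;`. The single-byte reads earlier in the loop are outside the hunk and would need the same kind of bound. exif_scan_thumbnail's body starts and ends outside the hunk.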

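--- a/hphp/runtime/ext/hotprofiler/ext_hotprofiler.cpp
+++ b/hphp/runtime/ext/hotprofiler/ext_hotprofiler.cpp
@@ -1226,8 +1226,8 @@ struct MemoProfiler final : Profiler {
 if (mme.second.m_return_value != fr) all_same = false;
 count += mme.second.m_count;
 auto ser_len = mme.second.m_return_value.length();
-min_ser_len = std::min(min_ser_len, ser_len);
-max_ser_len = std::max(max_ser_len, ser_len);
+min_ser_len = std::min<int64_t>(min_ser_len, ser_len);
+max_ser_len = std::max<int64_t>(max_ser_len, ser_len);
 if (mme.second.m_count > 1) any_multiple = true;
 }
 if (!any_multiple && !all_same) continue;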
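Review bot: `std::min<int64_t>(min_ser_len, ser_len)` makes the call compile, but its result is assigned back to `min_ser_len`, whose declaration is outside the hunk; if it and `max_ser_len` are still `int`, the assignment narrows silently and the explicit template argument only hides the mismatch. Declaring both accumulators as `int64_t` would let the plain `std::min(min_ser_len, ser_len)` and `std::max(max_ser_len, ser_len)` stand unchanged.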

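--- a/hphp/runtime/ext/mcrypt/ext_mcrypt.cpp
+++ b/hphp/runtime/ext/mcrypt/ext_mcrypt.cpp
@@ -656,7 +656,7 @@ Variant HHVM_FUNCTION(mcrypt_generic_init, const Resource& td,
 
 int key_size;
 if (key.size() > max_key_size) {
-raise_warning("Key size too large; supplied length: %d, max: %d",
+raise_warning("Key size too large; supplied length: %ld, max: %d",
 key.size(), max_key_size);
 key_size = max_key_size;
 } else {
@@ -665,10 +665,10 @@ Variant HHVM_FUNCTION(mcrypt_generic_init, const Resource& td,
 memcpy(key_s, key.data(), key.size());
 
 if (iv.size() != iv_size) {
-raise_warning("Iv size incorrect; supplied length: %d, needed: %d",
+raise_warning("Iv size incorrect; supplied length: %ld, needed: %d",
 iv.size(), iv_size);
 }
-memcpy(iv_s, iv.data(), std::min(iv_size, iv.size()));
+memcpy(iv_s, iv.data(), std::min<int64_t>(iv_size, iv.size()));
 
 mcrypt_generic_deinit(pm->m_td);
 int result = mcrypt_generic_init(pm->m_td, key_s, key_size, iv_s);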
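Review bot: `%ld` matches int64_t only where int64_t is `long`; on platforms where it is `long long` the specifier and the argument disagree, which is undefined for a printf-style call. The `<cinttypes>` macro is portable, as in `raise_warning("Key size too large; supplied length: %" PRId64 ", max: %d", key.size(), max_key_size);`. The same applies to the `%ld` changes in ext_openssl.cpp, ext_sockets.cpp, ext_std_file.cpp and ext_std_variable.cpp in this commit. In the last hunk, `std::min<int64_t>(iv_size, iv.size())` becomes memcpy's size argument, so it relies on `iv_size` never being negative; that value is set outside the hunk.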

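--- a/hphp/runtime/ext/openssl/ext_openssl.cpp
+++ b/hphp/runtime/ext/openssl/ext_openssl.cpp
@@ -2940,7 +2940,7 @@ static bool php_openssl_validate_iv(
 }
 
 if (piv.size() < iv_required_len) {
-raise_warning("IV passed is only %d bytes long, cipher "
+raise_warning("IV passed is only %ld bytes long, cipher "
 "expects an IV of precisely %d bytes, padding with \\0",
 piv.size(), iv_required_len);
 memcpy(iv_new, piv.data(), piv.size());
@@ -2949,7 +2949,7 @@ static bool php_openssl_validate_iv(
 return true;
 }
 
-raise_warning("IV passed is %d bytes long which is longer than the %d "
+raise_warning("IV passed is %ld bytes long which is longer than the %d "
 "expected by selected cipher, truncating", piv.size(),
 iv_required_len);
 memcpy(iv_new, piv.data(), iv_required_len);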

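--- a/hphp/runtime/ext/sockets/ext_sockets.cpp
+++ b/hphp/runtime/ext/sockets/ext_sockets.cpp
@@ -255,7 +255,7 @@ static bool set_sockaddr(sockaddr_storage &sa_storage, req::ptr<Socket> sock,
 sa->sun_family = AF_UNIX;
 if (addr.length() > sizeof(sa->sun_path)) {
 raise_warning(
-"Unix socket path length (%d) is larger than system limit (%lu)",
+"Unix socket path length (%ld) is larger than system limit (%lu)",
 addr.length(),
 sizeof(sa->sun_path)
 );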

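--- a/hphp/runtime/ext/std/ext_std_file.cpp
+++ b/hphp/runtime/ext/std/ext_std_file.cpp
@@ -464,7 +464,7 @@ Variant HHVM_FUNCTION(fwrite,
 CHECK_HANDLE(handle, f);
 int64_t ret = f->write(data, length);
 if (ret < 0) {
-raise_notice("fwrite(): send of %d bytes failed with errno=%d %s",
+raise_notice("fwrite(): send of %ld bytes failed with errno=%d %s",
 data.size(), errno, folly::errnoStr(errno).c_str());
 ret = 0;
 }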

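--- a/hphp/runtime/ext/std/ext_std_variable.cpp
+++ b/hphp/runtime/ext/std/ext_std_variable.cpp
@@ -454,7 +454,7 @@ ALWAYS_INLINE String serialize_impl(const Variant& value,
 lazyClassToStringHelper(value.toLazyClassVal());
 auto const size = str->size();
 if (size >= RuntimeOption::MaxSerializedStringSize) {
-throw Exception("Size of serialized string (%d) exceeds max", size);
+throw Exception("Size of serialized string (%ld) exceeds max", size);
 }
 StringBuffer sb;
 sb.append("s:");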

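--- a/hphp/runtime/ext/string/ext_string.cpp
+++ b/hphp/runtime/ext/string/ext_string.cpp
@@ -1133,15 +1133,23 @@ TypedValue HHVM_FUNCTION(substr_compare,
 return make_tv<KindOfBoolean>(false);
 }
 
-int cmp_len = s1_len - offset;
-if (cmp_len < s2_len) cmp_len = s2_len;
-if (cmp_len > length) cmp_len = length;
+auto const cmp_len = std::min(s1_len - offset, std::min(s2_len, length));
 
-const char *s1 = main_str.data();
-if (case_insensitivity) {
-return tvReturn(bstrcasecmp(s1 + offset, cmp_len, str.data(), cmp_len));
-}
-return tvReturn(string_ncmp(s1 + offset, str.data(), cmp_len));
+auto const ret = [&] {
+const char *s1 = main_str.data();
+if (case_insensitivity) {
+return bstrcasecmp(s1 + offset, cmp_len, str.data(), cmp_len);
+}
+return string_ncmp(s1 + offset, str.data(), cmp_len);
+}();
+if (ret == 0) {
+auto const m1 = std::min(s1_len - offset, length);
+auto const m2 = std::min(s2_len, length);
+if (m1 > m2) return tvReturn(1);
+if (m1 < m2) return tvReturn(-1);
+return tvReturn(0);
+}
+return tvReturn(ret);
 }
 
 TypedValue HHVM_FUNCTION(strstr,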
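Review bot: The tie-break after `ret == 0` is not explained, and its correctness depends on checks that are outside the hunk. A comment above `cmp_len` such as `// Compare only bytes present in both operands; never read past either buffer.` and one above `if (ret == 0)` such as `// Equal prefix: the operand with more bytes inside the window compares greater.` would record the intent. Both `std::min` calls assume `offset <= s1_len` and `length >= 0`; if the validation above the hunk allows otherwise, `cmp_len` goes negative before it reaches bstrcasecmp or string_ncmp. `s1_len - offset` is computed twice and could be named once.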

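--- a/hphp/runtime/ext/strobelight/ext_strobelight.cpp
+++ b/hphp/runtime/ext/strobelight/ext_strobelight.cpp
@@ -110,7 +110,10 @@ bool logToUSDT(const Array& bt) {
 assertx(isStringType(type(file_name)));
 strncpy(frame->file_name,
 val(file_name).pstr->data(),
-std::min(val(file_name).pstr->size(), strobelight::kFileNameMax));
+std::min<int64_t>(
+val(file_name).pstr->size(),
+strobelight::kFileNameMax
+));
 frame->file_name[strobelight::kFileNameMax - 1] = '\0';
 }
 
@@ -119,7 +122,10 @@ bool logToUSDT(const Array& bt) {
 assertx(isStringType(type(class_name)));
 strncpy(frame->class_name,
 val(class_name).pstr->data(),
-std::min(val(class_name).pstr->size(), strobelight::kClassNameMax));
+std::min<int64_t>(
+val(class_name).pstr->size(),
+strobelight::kClassNameMax
+));
 frame->class_name[strobelight::kClassNameMax - 1] = '\0';
 }
 
@@ -128,8 +134,10 @@ bool logToUSDT(const Array& bt) {
 assertx(isStringType(type(function_name)));
 strncpy(frame->function,
 val(function_name).pstr->data(),
-std::min(val(function_name).pstr->size(),
-strobelight::kFunctionMax));
+std::min<int64_t>(
+val(function_name).pstr->size(),
+strobelight::kFunctionMax
+));
 frame->function[strobelight::kFunctionMax - 1] = '\0';
 }
 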
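Review bot: When the string is shorter than the field, `strncpy` is given exactly `size()` as its limit, so it copies the characters but writes no terminator after them; only the last byte of the array is set to '\0'. Unless `frame` is zeroed before this code (not visible in the hunk), the bytes between the copied name and the end of the field keep whatever they held before. Passing the field size as the limit, e.g. `strncpy(frame->file_name, val(file_name).pstr->data(), strobelight::kFileNameMax);`, lets strncpy pad the remainder, assuming the string data is NUL-terminated. The class_name and function copies in the next two hunks have the same shape.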

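--- /dev/null
+++ b/hphp/test/slow/ext_gd/t79224592.php
@@ -0,0 +1,7 @@
+<?hh
+
+<<__EntryPoint>>
+function main() {
+$x = exif_read_data("data://text/plain;base64,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");
+var_dump($x);
+}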
