Segfault in stripslashes() with arm64 #10187
Comments
can reproduce even on mac arm64
Line 3833 in ddcbcd1
looks fishy. Shouldn't that be But the actual issue might be
Looks like it
I can't test it myself, but I think this might fix it (apply on branch 8.1):
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 8a223b72f4..254f2d0458 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3989,18 +3989,22 @@ static zend_always_inline char *php_stripslashes_impl(const char *str, char *out
vst1q_u8(q.mem, vceqq_u8(x, vdupq_n_u8('\\')));
if (q.dw[0] | q.dw[1]) {
int i = 0;
- for (; i < 16; i++) {
+ while (i < 16) {
if (q.mem[i] == 0) {
*out++ = str[i];
+ i++;
continue;
}
i++; /* skip the slash */
- char s = str[i];
- if (s == '0')
- *out++ = '\0';
- else
- *out++ = s; /* preserve the next character */
+ if (i < len) {
+ char s = str[i];
+ if (s == '0')
+ *out++ = '\0';
+ else
+ *out++ = s; /* preserve the next character */
+ i++;
+ }
}
str += i;
len -= i; |
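Review bot: the new `if (i < len)` guard compares the `int` counter `i` against `len`, whose type is cut off in the hunk header; if `len` is an unsigned size type (the `len -= i;` at the end suggests it is), this is a signed/unsigned comparison that some compilers warn about, and declaring `i` with the same type as `len`, or casting it, would avoid that. The guard itself is the right fix for the crash: in the old `for` loop a backslash at `q.mem[15]` made `i` 16, `str[16]` was read beyond the 16 bytes the vector compare actually covered, and the loop's own `i++` then left `i` at 17, so `str += i; len -= i;` stepped past the end of the remaining input. With the guard `i` can still be 17 after the loop, which is only safe because `i < len` held; a one-line comment above `str += i;` saying so would help the next reader. A .phpt with a backslash as the 16th byte of a 16-byte input, and another as the 16th byte of a 17-byte input, would pin both branches of the guard down.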
Well it doesn't segfault anymore and is giving out correct results 🙂
diff --git a/ext/standard/string.c b/ext/standard/string.c
index daed5b59cb..d246aac859 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3822,18 +3822,22 @@ static zend_always_inline char *php_stripslashes_impl(const char *str, char *out
vst1q_u8(q.mem, vceqq_u8(x, vdupq_n_u8('\\')));
if (q.dw[0] | q.dw[1]) {
int i = 0;
- for (; i < 16; i++) {
+ while (i < 16) {
if (q.mem[i] == 0) {
*out++ = str[i];
+ i++;
continue;
}
i++; /* skip the slash */
- char s = str[i];
- if (s == '0')
- *out++ = '\0';
- else
- *out++ = s; /* preserve the next character */
+ if (i < len) {
+ char s = str[i];
+ if (s == '0')
+ *out++ = '\0';
+ else
+ *out++ = s; /* preserve the next character */
+ i++;
+ }
}
str += i;
len -= i; |
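Review bot: this hunk is the same change as the previous one rebased onto a different base (it now starts at line 3822 rather than 3989), so the signed/unsigned point about `i < len` applies here as well. One behavioural detail deserves a comment in the code: when the slash is the last byte of the remaining input, `i++` makes `i == len`, the guard skips the escaped-byte write, and `str += i; len -= i;` consumes the slash without emitting anything, so a trailing lone backslash is silently dropped. The .phpt mentioned below should include that input and assert the output matches what a build without this NEON block produces, so the two code paths cannot drift apart.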
can you make a PR please?
I'll make a PR and add a .phpt |
Co-authored-by: todeveni <toni.viemero@iki.fi>
Disregard; that code is correct.
* PHP-8.1:
  Fix GH-10187: Segfault in stripslashes() with arm64
  Fix memory leak in posix_ttyname()
* PHP-8.2:
  Fix GH-10187: Segfault in stripslashes() with arm64
  Fix memory leak in posix_ttyname()
Description
The following code:
Resulted in this output:
But I expected this output instead:
Backtrace from current php-src:
Downstream bugreport oerdnj/deb.sury.org#1894 reported originally by @martymcguire
PHP Version
Any
Operating System
No response