php: Fix memory corruption for uwsgi_cache_* #2108
Merged
Ah the joys of variadic arguments in C...

So, when using `zend_parse_parameters()`, PHP internally loops through the type specifiers and accordingly uses `va_arg()` to get the corresponding argument.

Since the arguments are expected to be pointers to the corresponding values, the size of them does matter, because PHP simply writes to the corresponding address with a size of `size_t`.

If we for example pass a pointer to a 32-bit integer and PHP writes 64 bits, we have an overflow of 4 bytes.

From `README.PARAMETER_PARSING_API` in the PHP source tree:

To fix this, I changed the types accordingly to use `size_t` and `zend_long` if the PHP major version is >= 7.
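
The width mismatch described in this pull request, as an added example that is not code from uWSGI or PHP: `toy_parse`, the two frame structs and `CANARY` are hypothetical names, and the structs exist only to make the neighbouring bytes observable with defined behaviour. It covers the string-length (`size_t`) case only.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

#define CANARY 0xA5A5A5A5u

/* Hypothetical stand-in for a PHP >= 7 style parser (not PHP's code): for each
 * 's' it takes a string out-pointer and a length out-pointer, and always
 * stores sizeof(size_t) bytes through the length pointer. */
static void toy_parse(const char *spec, const char *arg, ...)
{
    va_list ap;
    va_start(ap, arg);
    for (; *spec; spec++) {
        if (*spec != 's')
            continue;
        const char **str = va_arg(ap, const char **);
        void *len_out = va_arg(ap, void *); /* real width is invisible here */
        size_t len = strlen(arg);
        *str = arg;
        memcpy(len_out, &len, sizeof len);  /* size_t-wide store, always */
    }
    va_end(ap);
}

/* Pre-fix caller keeps an int length; post-fix caller uses size_t. */
struct old_frame { int keylen; unsigned int neighbour; };
struct new_frame { size_t keylen; unsigned int neighbour; };

/* Returns 1 if the store through the int length changed the neighbour. */
int old_caller_clobbers(const char *key)
{
    struct old_frame f = { 0, CANARY };
    const char *s = NULL;
    toy_parse("s", key, &s, (void *)&f.keylen);
    return s == key && f.neighbour != CANARY;
}

/* Returns 1 if the size_t length is correct and the neighbour is intact. */
int new_caller_ok(const char *key)
{
    struct new_frame f = { 0, CANARY };
    const char *s = NULL;
    toy_parse("s", key, &s, (void *)&f.keylen);
    return s == key && f.keylen == strlen(key) && f.neighbour == CANARY;
}

int main(void) { return new_caller_ok("mykey") ? 0 : 1; }
```

On a platform where `size_t` is wider than `int`, `old_caller_clobbers` returns 1 because the extra bytes of the store land in `neighbour`; in a real caller those bytes belong to whatever sits next to the length variable.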