archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-21 01:45:16 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Protect against overflows in pi constraints

Browse source
This commit is contained in:
Nikita Popov 2015-12-20 12:47:39 +01:00
parent 825b5901df
commit 420ff42bc0
1 changed files with 35 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

44
ext/opcache/Optimizer/zend_ssa.c
View file

@ -120,6 +120,15 @@ static int find_adjusted_tmp_var(const zend_op_array *op_array, uint32_t build_f
return -1; return -1;
} }
static inline zend_bool add_will_overflow(zend_long a, zend_long b) {
return (b > 0 && a > ZEND_LONG_MAX - b)
|| (b < 0 && a < ZEND_LONG_MIN - b);
}
static inline zend_bool sub_will_overflow(zend_long a, zend_long b) {
return (b > 0 && a < ZEND_LONG_MIN + b)
|| (b < 0 && a > ZEND_LONG_MAX + b);
}
static int zend_ssa_rename(const zend_op_array *op_array, zend_ssa *ssa, int *var, int n) /* {{{ */ static int zend_ssa_rename(const zend_op_array *op_array, zend_ssa *ssa, int *var, int n) /* {{{ */
{ {
zend_basic_block *blocks = ssa->cfg.blocks; zend_basic_block *blocks = ssa->cfg.blocks;
@ -602,32 +611,49 @@ int zend_build_ssa(zend_arena **arena, const zend_op_array *op_array, uint32_t b
} }
if (var1 >= 0 && var2 >= 0) { if (var1 >= 0 && var2 >= 0) {
int tmp = val1; if (!sub_will_overflow(val1, val2) && !sub_will_overflow(val2, val1)) {
val1 -= val2; zend_long tmp = val1;
val2 -= tmp; val1 -= val2;
val2 -= tmp;
} else {
var1 = -1;
var2 = -1;
}
} else if (var1 >= 0 && var2 < 0) { } else if (var1 >= 0 && var2 < 0) {
zend_long add_val2 = 0;
if ((opline-1)->op2_type == IS_CONST && if ((opline-1)->op2_type == IS_CONST &&
Z_TYPE_P(CRT_CONSTANT((opline-1)->op2)) == IS_LONG) { Z_TYPE_P(CRT_CONSTANT((opline-1)->op2)) == IS_LONG) {
val2 += Z_LVAL_P(CRT_CONSTANT((opline-1)->op2)); add_val2 = Z_LVAL_P(CRT_CONSTANT((opline-1)->op2));
} else if ((opline-1)->op2_type == IS_CONST && } else if ((opline-1)->op2_type == IS_CONST &&
Z_TYPE_P(CRT_CONSTANT((opline-1)->op2)) == IS_FALSE) { Z_TYPE_P(CRT_CONSTANT((opline-1)->op2)) == IS_FALSE) {
val2 += 0; add_val2 = 0;
} else if ((opline-1)->op2_type == IS_CONST && } else if ((opline-1)->op2_type == IS_CONST &&
Z_TYPE_P(CRT_CONSTANT((opline-1)->op2)) == IS_TRUE) { Z_TYPE_P(CRT_CONSTANT((opline-1)->op2)) == IS_TRUE) {
val2 += 1; add_val2 = 1;
} else {
var1 = -1;
}
if (!add_will_overflow(val2, add_val2)) {
val2 += add_val2;
} else { } else {
var1 = -1; var1 = -1;
} }
} else if (var1 < 0 && var2 >= 0) { } else if (var1 < 0 && var2 >= 0) {
zend_long add_val1 = 0;
if ((opline-1)->op1_type == IS_CONST && if ((opline-1)->op1_type == IS_CONST &&
Z_TYPE_P(CRT_CONSTANT((opline-1)->op1)) == IS_LONG) { Z_TYPE_P(CRT_CONSTANT((opline-1)->op1)) == IS_LONG) {
val1 += Z_LVAL_P(CRT_CONSTANT((opline-1)->op1)); add_val1 = Z_LVAL_P(CRT_CONSTANT((opline-1)->op1));
} else if ((opline-1)->op1_type == IS_CONST && } else if ((opline-1)->op1_type == IS_CONST &&
Z_TYPE_P(CRT_CONSTANT((opline-1)->op1)) == IS_FALSE) { Z_TYPE_P(CRT_CONSTANT((opline-1)->op1)) == IS_FALSE) {
val1 += 0; add_val1 = 0;
} else if ((opline-1)->op1_type == IS_CONST && } else if ((opline-1)->op1_type == IS_CONST &&
Z_TYPE_P(CRT_CONSTANT((opline-1)->op1)) == IS_TRUE) { Z_TYPE_P(CRT_CONSTANT((opline-1)->op1)) == IS_TRUE) {
val1 += 1; add_val1 = 1;
} else {
var2 = -1;
}
if (!add_will_overflow(val1, add_val1)) {
val1 += add_val1;
} else { } else {
var2 = -1; var2 = -1;
} }