Skip to content

ext/sockets: socket_strerror follow-up on GH-16267 fix. #16981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

ext/sockets: socket_strerror follow-up on GH-16267 fix. #16981

wants to merge 1 commit into from

Conversation

devnexen
Copy link
Member

boundaries should be INT_MIN <= val < INT_MAX in fact.

cmb69
cmb69 reviewed Nov 28, 2024
View reviewed changes
ext/sockets/sockets.c Outdated
if (ZEND_LONG_EXCEEDS_INT(arg1)) {
zend_argument_value_error(1, "must be between %d and %d", INT_MIN, INT_MAX);
if (arg1 <= INT_MIN || arg1 > INT_MAX) {
zend_argument_value_error(1, "must be greater than %d and lower than %d", INT_MIN, INT_MAX);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
zend_argument_value_error(1, "must be greater than %d and lower than %d", INT_MIN, INT_MAX);
zend_argument_value_error(1, "must be greater than %d and less than %d", INT_MIN, INT_MAX);

ext/sockets/tests/gh16267.phpt Outdated
<?php
try {
socket_strerror(PHP_INT_MIN);
socket_strerror(-2147483648);
Copy link
Member

@cmb69 cmb69 Nov 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has basically the same problem (32bit systems) as the bug we're trying to fix; the number 2147483648 overflows there.

Did you try:

 ext/sockets/sockets.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
index 08b8d8406d..5cc66f2d8f 100644
--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -370,7 +370,7 @@ char *sockets_strerror(int error) /* {{{ */
 
 #ifndef PHP_WIN32
 	if (error < -10000) {
-		error = -error - 10000;
+		error = (int)(unsigned int) error - 10000;
 
 #ifdef HAVE_HSTRERROR
 		buf = hstrerror(error);

PS: no need to try: suggestion is nonsense. Disregard.

Girgias
Girgias requested changes Nov 28, 2024
View reviewed changes
ext/sockets/sockets.c Outdated
if (ZEND_LONG_EXCEEDS_INT(arg1)) {
zend_argument_value_error(1, "must be between %d and %d", INT_MIN, INT_MAX);
if (arg1 <= INT_MIN || arg1 > INT_MAX) {
zend_argument_value_error(1, "must be greater than %d and lower than %d", INT_MIN, INT_MAX);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The standard wording is:

Suggested change
zend_argument_value_error(1, "must be greater than %d and lower than %d", INT_MIN, INT_MAX);
zend_argument_value_error(1, "must be between %d and %d", INT_MIN, INT_MAX);

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, but in this case INT_MIN is no longer supported, so should be:

Suggested change
zend_argument_value_error(1, "must be greater than %d and lower than %d", INT_MIN, INT_MAX);
zend_argument_value_error(1, "must be between %d and %d", INT_MIN + 1, INT_MAX);

But I'm still not convinced that we need to constrain the allowed range.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm just pointing out the wording :)

@devnexen devnexen requested a review from Girgias November 29, 2024 12:04
@Girgias Girgias requested a review from cmb69 November 29, 2024 14:04
Girgias
Girgias reviewed Nov 29, 2024
View reviewed changes
ext/sockets/tests/gh16267.phpt Outdated
Comment on lines 21 to 22
socket_strerror(): Argument #1 ($error_code) must be between %s and %d
socket_strerror(): Argument #1 ($error_code) must be between %s and %d
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
socket_strerror(): Argument #1 ($error_code) must be between %s and %d
socket_strerror(): Argument #1 ($error_code) must be between %s and %d
socket_strerror(): Argument #1 ($error_code) must be between %d and %d
socket_strerror(): Argument #1 ($error_code) must be between %d and %d

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry does not work for me, I guess because it s a negative.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, use %i

cmb69
cmb69 reviewed Nov 29, 2024
View reviewed changes
Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix looks okay to me, but why not fix the root cause? My previous suggestion was nonsense, but we could special case INT_MIN:

 ext/sockets/sockets.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
index 48221479a7..eab26737e6 100644
--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -370,7 +370,11 @@ char *sockets_strerror(int error) /* {{{ */
 
 #ifndef PHP_WIN32
 	if (error < -10000) {
-		error = -error - 10000;
+		if (error = INT_MIN) {
+			error = 2147473648;
+		} else {
+			error = -error - 10000;
+		}
 
 #ifdef HAVE_HSTRERROR
 		buf = hstrerror(error);

That may not matter in practice, in which case we can go with this fix, but I would add an assertion (basically a precondition) in sockets_strerror() that error > INT_MIN.

@devnexen
Copy link
Member Author

It s mainly because socket_strerror is the only call using user supplied error code for sockets_strerror. But yes I can put an assert sure.

@devnexen devnexen force-pushed the gh16267-bis branch 2 times, most recently from 378b307 to dc1127e Compare November 29, 2024 16:16
@devnexen devnexen requested a review from cmb69 November 30, 2024 10:11
cmb69
cmb69 reviewed Dec 1, 2024
View reviewed changes
ext/sockets/sockets.c Outdated
Comment on lines 1251 to 1257
if (ZEND_LONG_EXCEEDS_INT(arg1)) {
zend_argument_value_error(1, "must be between %d and %d", INT_MIN, INT_MAX);
if (arg1 <= INT_MIN || arg1 > INT_MAX) {
zend_argument_value_error(1, "must be between %d and %d", (INT_MIN + 1), INT_MAX);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we support INT_MIN, we can revert this change.

@devnexen devnexen requested a review from cmb69 December 9, 2024 10:11
cmb69
cmb69 approved these changes Dec 9, 2024
View reviewed changes
ext/sockets/sockets.c Outdated
{
const char *buf;

ZEND_ASSERT(error >= INT_MIN);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Superfluous assertion; since error is of type int it is always >= INT_MIN.

Other than that the patch looks good to me.

@devnexen
ext/sockets: socket_strerror follow-up on phpGH-16267 fix.
abc506a 
boundaries should be INT_MIN <= val < INT_MAX in fact.
@devnexen
Copy link
Member Author

devnexen commented Dec 9, 2024

closed with 3bea6a2.

@devnexen devnexen closed this Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Girgias Girgias Girgias requested changes

@cmb69 cmb69 cmb69 approved these changes

Assignees

No one assigned

Labels

Extension: sockets

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@devnexen @cmb69 @Girgias