Skip to content

Plain stream wrapper: Add assertions to uphold assumptions and remove a dubious API usage #17322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 3, 2025
Merged

Plain stream wrapper: Add assertions to uphold assumptions and remove a dubious API usage #17322

merged 1 commit into from
Jan 3, 2025

Conversation

Girgias
Copy link
Member

@Girgias Girgias commented Jan 2, 2025

No description provided.

@Girgias Girgias changed the title Stream fopen assumptions check and refactoring Plain stream wrapper: Add assertions to uphold assumptions and remove an idiosyncratic API usage Jan 2, 2025
@Girgias Girgias force-pushed the stream-fopen-assumptions-check-and-refactoring branch from def7561 to 30003f5 Compare January 2, 2025 13:51
@Girgias Girgias changed the title Plain stream wrapper: Add assertions to uphold assumptions and remove an idiosyncratic API usage Plain stream wrapper: Add assertions to uphold assumptions and remove a dubious API usage Jan 2, 2025
@Girgias Girgias force-pushed the stream-fopen-assumptions-check-and-refactoring branch from 30003f5 to 78d365c Compare January 2, 2025 14:09
@Girgias Girgias marked this pull request as ready for review January 2, 2025 18:31
@Girgias Girgias requested a review from bukka as a code owner January 2, 2025 18:31
bukka
bukka reviewed Jan 2, 2025
View reviewed changes
main/streams/plain_wrapper.c Outdated
if (expand_filepath(filename, realpath) == NULL) {
return NULL;
}
realpath_len = strlen(realpath);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might wasteful - it's not used in all paths below. Just keep strlen(realpath) - this function is not really used so not much point to change it.

bukka
bukka reviewed Jan 2, 2025
View reviewed changes
main/streams/plain_wrapper.c Outdated
Comment on lines 1123 to 1125
realpath_len = strlen(filename);
ZEND_ASSERT(realpath_len < sizeof(realpath) && "Assumed real path filename is too long");
strcpy(realpath, filename);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an external API so there should be some prevention - you should at least use strncpy if you really need to replace this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can keep the assert but not use only strcpy.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

strncpy does do padding, which is pointless. Actually, strlcpy here was fine IMO because with the new code we now do two traversals.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah good point. Let's close this PR in that case...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe just the top one makes sense. I don't really mind. This function is not even used from anywhere in the core - at least I didn't find any usage...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there might still be external usage ofc. as it's public API.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I dropped the first commit

@Girgias
main/streams: Remove questionable use of PHP_STRLCPY
80e6701 
The description of PHP_STRLCPY says that this is a fast version of strlcpy that should be used if we *know* the size of both the source and destination buffers.
This is clearly not the case as we use strlen() to compute it.
Moreover if the result cannot fit in the destination buffer something seriously strange has happened and we should return a failure state rather than truncating.
@Girgias Girgias force-pushed the stream-fopen-assumptions-check-and-refactoring branch from 78d365c to 80e6701 Compare January 3, 2025 12:12
@Girgias Girgias merged commit 0fe3a91 into php:master Jan 3, 2025
10 checks passed
@Girgias Girgias deleted the stream-fopen-assumptions-check-and-refactoring branch January 3, 2025 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bukka bukka bukka left review comments

@nielsdos nielsdos nielsdos left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Girgias @bukka @nielsdos