Fix strict aliasing violation in phpdbg
authorNikita Popov <nikita.ppv@gmail.com>
Fri, 12 Apr 2019 14:46:23 +0000 (16:46 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Fri, 12 Apr 2019 14:46:23 +0000 (16:46 +0200)
By explicitly computing the message length from bytes. This also
makes sure that the length is interpreted in an endianness-independent
manner.

ext/xsl/xsltprocessor.c
sapi/phpdbg/phpdbg_wait.c

index d71460efcfbb0421e1c43b028963d67ebb89f0a3..18443f9efa8fbfb4bc572b254808ea0198b44f8d 100644 (file)
@@ -174,7 +174,7 @@ static char **php_xsl_xslt_make_params(HashTable *parht, int xpath_params)
 static void xsl_ext_function_php(xmlXPathParserContextPtr ctxt, int nargs, int type) /* {{{ */
 {
        xsltTransformContextPtr tctxt;
-       zval *args;
+       zval *args = NULL;
        zval retval;
        int result, i;
        int error = 0;
index 738b4669f2d2e5f953354b571a9d3cbc3d6b78c4..69be24a953ec36f92190154f95b9f038116862cc 100644 (file)
@@ -379,21 +379,25 @@ PHPDBG_COMMAND(wait) /* {{{ */
                return FAILURE;
        }
 
-       char msglen[5];
-       int recvd = 4;
+       unsigned char msglen_buf[4];
+       int needed = 4;
 
        do {
-               recvd -= recv(sr, &(msglen[4 - recvd]), recvd, 0);
-       } while (recvd > 0);
+               needed -= recv(sr, &msglen_buf[4 - needed], needed, 0);
+       } while (needed > 0);
 
-       recvd = *(size_t *) msglen;
-       char *data = emalloc(recvd);
+       uint32_t msglen = (msglen_buf[3] << 24)
+                                       | (msglen_buf[2] << 16)
+                                       | (msglen_buf[1] <<  8)
+                                       | (msglen_buf[0] <<  0);
+       char *data = emalloc(msglen);
+       needed = msglen;
 
        do {
-               recvd -= recv(sr, &(data[(*(int *) msglen) - recvd]), recvd, 0);
-       } while (recvd > 0);
+               needed -= recv(sr, &(data[msglen - needed]), needed, 0);
+       } while (needed > 0);
 
-       phpdbg_webdata_decompress(data, *(int *) msglen);
+       phpdbg_webdata_decompress(data, msglen);
 
        if (PHPDBG_G(socket_fd) != -1) {
                close(PHPDBG_G(socket_fd));
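Review bot: Both receive loops still subtract recv()'s return value unchecked, so a -1 on error makes `needed` grow past 4 and the next `&msglen_buf[4 - needed]` points before the buffer, while a 0 from a closed peer makes the loop spin forever; the `data` loop has the same problem. The new shifts also promote each `unsigned char` to `int`, so `msglen_buf[3] << 24` overflows a signed int when the top byte is 0x80 or more, and each byte should be cast to `uint32_t` first. `needed = msglen` then narrows a peer-supplied 32-bit length into `int` with no upper bound, so a length above INT_MAX becomes negative before it reaches recv(), and the same unbounded value sizes the emalloc() call. The body of PHPDBG_COMMAND(wait) starts and ends outside the hunk, so the failure paths below are a sketch and need to match the function's existing cleanup (for example, whether `sr` must be closed).

```c
	unsigned char msglen_buf[4];
	size_t have = 0;

	while (have < sizeof(msglen_buf)) {
		ssize_t n = recv(sr, msglen_buf + have, sizeof(msglen_buf) - have, 0);
		if (n <= 0) {
			/* error, or peer closed before the 4-byte length arrived */
			return FAILURE;
		}
		have += (size_t) n;
	}

	uint32_t msglen = ((uint32_t) msglen_buf[3] << 24)
					| ((uint32_t) msglen_buf[2] << 16)
					| ((uint32_t) msglen_buf[1] <<  8)
					|  (uint32_t) msglen_buf[0];
	/* reject lengths above the limit the protocol allows before allocating */
	char *data = emalloc(msglen);

	have = 0;
	while (have < msglen) {
		ssize_t n = recv(sr, data + have, msglen - have, 0);
		if (n <= 0) {
			efree(data);
			return FAILURE;
		}
		have += (size_t) n;
	}

	/* … unchanged: phpdbg_webdata_decompress(data, msglen) and socket_fd handling … */
```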