From: Nikita Popov Date: Fri, 12 Apr 2019 14:46:23 +0000 (+0200) Subject: Fix strict aliasing violation in phpdbg X-Git-Tag: php-7.4.0alpha1~509 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3c23084cf6ea04c9fe4396c9ae7e5c1d8bb3d37e;p=php Fix strict aliasing violation in phpdbg By explicitly computing the message length from bytes. This also makes sure that the length is interpreted in an endianness-independent manner. --- diff --git a/ext/xsl/xsltprocessor.c b/ext/xsl/xsltprocessor.c index d71460efcf..18443f9efa 100644 --- a/ext/xsl/xsltprocessor.c +++ b/ext/xsl/xsltprocessor.c @@ -174,7 +174,7 @@ static char **php_xsl_xslt_make_params(HashTable *parht, int xpath_params) static void xsl_ext_function_php(xmlXPathParserContextPtr ctxt, int nargs, int type) /* {{{ */ { xsltTransformContextPtr tctxt; - zval *args; + zval *args = NULL; zval retval; int result, i; int error = 0; diff --git a/sapi/phpdbg/phpdbg_wait.c b/sapi/phpdbg/phpdbg_wait.c index 738b4669f2..69be24a953 100644 --- a/sapi/phpdbg/phpdbg_wait.c +++ b/sapi/phpdbg/phpdbg_wait.c @@ -379,21 +379,25 @@ PHPDBG_COMMAND(wait) /* {{{ */ return FAILURE; } - char msglen[5]; - int recvd = 4; + unsigned char msglen_buf[4]; + int needed = 4; do { - recvd -= recv(sr, &(msglen[4 - recvd]), recvd, 0); - } while (recvd > 0); + needed -= recv(sr, &msglen_buf[4 - needed], needed, 0); + } while (needed > 0); - recvd = *(size_t *) msglen; - char *data = emalloc(recvd); + uint32_t msglen = (msglen_buf[3] << 24) + | (msglen_buf[2] << 16) + | (msglen_buf[1] << 8) + | (msglen_buf[0] << 0); + char *data = emalloc(msglen); + needed = msglen; do { - recvd -= recv(sr, &(data[(*(int *) msglen) - recvd]), recvd, 0); - } while (recvd > 0); + needed -= recv(sr, &(data[msglen - needed]), needed, 0); + } while (needed > 0); - phpdbg_webdata_decompress(data, *(int *) msglen); + phpdbg_webdata_decompress(data, msglen); if (PHPDBG_G(socket_fd) != -1) { close(PHPDBG_G(socket_fd));