From: Nikita Popov Date: Sat, 6 Sep 2014 20:12:37 +0000 (+0200) Subject: Revert "Move safe_address into zend_multiply.h" X-Git-Tag: PRE_PHP7_REMOVALS~106 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f4f9b549836a3b5e38774c7158517656da48aab0;p=php Revert "Move safe_address into zend_multiply.h" This reverts commit 43b02e169c718335a82b8c90c3252194f988659a. I'm getting symbol resolution issues for zend_error_noreturn in the opcache.so, so reverting this for now. --- diff --git a/Zend/zend.h b/Zend/zend.h index b542452c50..a0d8ba9e0c 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -260,12 +260,11 @@ char *alloca (); #define ZTS_V 0 #endif -#include "../TSRM/TSRM.h" - #include "zend_errors.h" -#include "zend_types.h" #include "zend_alloc.h" +#include "zend_types.h" + #ifdef HAVE_LIMITS_H # include #endif diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 5f0c9a6c54..9467059aa9 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -2080,24 +2080,144 @@ ZEND_API size_t ZEND_FASTCALL _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE return zend_mm_size(AG(mm_heap), ptr ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); } +#if defined(__GNUC__) && (defined(__native_client__) || defined(i386)) + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + size_t res = nmemb; + zend_ulong overflow = 0; + + __asm__ ("mull %3\n\taddl %4,%0\n\tadcl $0,%1" + : "=&a"(res), "=&d" (overflow) + : "%0"(res), + "rm"(size), + "rm"(offset)); + + if (UNEXPECTED(overflow)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return res; +} + +#elif defined(__GNUC__) && defined(__x86_64__) + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + size_t res = nmemb; + zend_ulong overflow = 0; + +#ifdef __ILP32__ /* x32 */ +# define LP_SUFF "l" +#else /* amd64 */ +# define LP_SUFF "q" +#endif + + __asm__ ("mul" LP_SUFF " %3\n\t" + "add %4,%0\n\t" + "adc $0,%1" + : "=&a"(res), "=&d" (overflow) + : "%0"(res), + "rm"(size), + "rm"(offset)); + +#undef LP_SUFF + if (UNEXPECTED(overflow)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return res; +} + +#elif defined(__GNUC__) && defined(__arm__) + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + size_t res; + zend_ulong overflow; + + __asm__ ("umlal %0,%1,%2,%3" + : "=r"(res), "=r"(overflow) + : "r"(nmemb), + "r"(size), + "0"(offset), + "1"(0)); + + if (UNEXPECTED(overflow)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return res; +} + +#elif defined(__GNUC__) && defined(__aarch64__) + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + size_t res; + zend_ulong overflow; + + __asm__ ("mul %0,%2,%3\n\tumulh %1,%2,%3\n\tadds %0,%0,%4\n\tadc %1,%1,xzr" + : "=&r"(res), "=&r"(overflow) + : "r"(nmemb), + "r"(size), + "r"(offset)); + + if (UNEXPECTED(overflow)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return res; +} + +#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64) + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset; + + if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return (size_t) res; +} + +#else + +static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) +{ + size_t res = nmemb * size + offset; + double _d = (double)nmemb * (double)size + (double)offset; + double _delta = (double)res - _d; + + if (UNEXPECTED((_d + _delta ) != _d)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); + return 0; + } + return res; +} +#endif + + ZEND_API void* ZEND_FASTCALL _safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) { - return emalloc_rel(zend_safe_address(nmemb, size, offset)); + return emalloc_rel(safe_address(nmemb, size, offset)); } ZEND_API void* ZEND_FASTCALL _safe_malloc(size_t nmemb, size_t size, size_t offset) { - return pemalloc(zend_safe_address(nmemb, size, offset), 1); + return pemalloc(safe_address(nmemb, size, offset), 1); } ZEND_API void* ZEND_FASTCALL _safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) { - return erealloc_rel(ptr, zend_safe_address(nmemb, size, offset)); + return erealloc_rel(ptr, safe_address(nmemb, size, offset)); } ZEND_API void* ZEND_FASTCALL _safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset) { - return perealloc(ptr, zend_safe_address(nmemb, size, offset), 1); + return perealloc(ptr, safe_address(nmemb, size, offset), 1); } diff --git a/Zend/zend_alloc.h b/Zend/zend_alloc.h index 50c3d278b3..d6d3415dd5 100644 --- a/Zend/zend_alloc.h +++ b/Zend/zend_alloc.h @@ -24,6 +24,7 @@ #include +#include "../TSRM/TSRM.h" #include "zend.h" #ifndef ZEND_MM_ALIGNMENT diff --git a/Zend/zend_arena.h b/Zend/zend_arena.h index ba24e9abce..8988eb4ab5 100644 --- a/Zend/zend_arena.h +++ b/Zend/zend_arena.h @@ -80,8 +80,14 @@ static zend_always_inline void* zend_arena_alloc(zend_arena **arena_ptr, size_t static zend_always_inline void* zend_arena_calloc(zend_arena **arena_ptr, size_t count, size_t unit_size) { - size_t size = zend_safe_address(count, unit_size, 0); - void *ret = zend_arena_alloc(arena_ptr, size); + zend_long overflow; + double d; + size_t size; + void *ret; + + ZEND_SIGNED_MULTIPLY_LONG(unit_size, count, size, d, overflow); + ZEND_ASSERT(overflow == 0); + ret = zend_arena_alloc(arena_ptr, size); memset(ret, 0, size); return ret; } diff --git a/Zend/zend_multiply.h b/Zend/zend_multiply.h index 9b3004582e..11744c2699 100644 --- a/Zend/zend_multiply.h +++ b/Zend/zend_multiply.h @@ -19,9 +19,6 @@ /* $Id$ */ -#ifndef ZEND_MULTIPLY_H -#define ZEND_MULTIPLY_H - #if defined(__i386__) && defined(__GNUC__) #define ZEND_SIGNED_MULTIPLY_LONG(a, b, lval, dval, usedval) do { \ @@ -111,126 +108,3 @@ } while (0) #endif - -#if defined(__GNUC__) && (defined(__native_client__) || defined(i386)) - -static inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset) -{ - size_t res = nmemb; - zend_ulong overflow = 0; - - __asm__ ("mull %3\n\taddl %4,%0\n\tadcl $0,%1" - : "=&a"(res), "=&d" (overflow) - : "%0"(res), - "rm"(size), - "rm"(offset)); - - if (UNEXPECTED(overflow)) { - zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); - return 0; - } - return res; -} - -#elif defined(__GNUC__) && defined(__x86_64__) - -static inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset) -{ - size_t res = nmemb; - zend_ulong overflow = 0; - -#ifdef __ILP32__ /* x32 */ -# define LP_SUFF "l" -#else /* amd64 */ -# define LP_SUFF "q" -#endif - - __asm__ ("mul" LP_SUFF " %3\n\t" - "add %4,%0\n\t" - "adc $0,%1" - : "=&a"(res), "=&d" (overflow) - : "%0"(res), - "rm"(size), - "rm"(offset)); - -#undef LP_SUFF - if (UNEXPECTED(overflow)) { - zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); - return 0; - } - return res; -} - -#elif defined(__GNUC__) && defined(__arm__) - -static inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset) -{ - size_t res; - zend_ulong overflow; - - __asm__ ("umlal %0,%1,%2,%3" - : "=r"(res), "=r"(overflow) - : "r"(nmemb), - "r"(size), - "0"(offset), - "1"(0)); - - if (UNEXPECTED(overflow)) { - zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); - return 0; - } - return res; -} - -#elif defined(__GNUC__) && defined(__aarch64__) - -static inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset) -{ - size_t res; - zend_ulong overflow; - - __asm__ ("mul %0,%2,%3\n\tumulh %1,%2,%3\n\tadds %0,%0,%4\n\tadc %1,%1,xzr" - : "=&r"(res), "=&r"(overflow) - : "r"(nmemb), - "r"(size), - "r"(offset)); - - if (UNEXPECTED(overflow)) { - zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); - return 0; - } - return res; -} - -#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64) - -static inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset) -{ - zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset; - - if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) { - zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); - return 0; - } - return (size_t) res; -} - -#else - -static inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset) -{ - size_t res = nmemb * size + offset; - double _d = (double)nmemb * (double)size + (double)offset; - double _delta = (double)res - _d; - - if (UNEXPECTED((_d + _delta ) != _d)) { - zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset); - return 0; - } - return res; -} - -#endif - -#endif - diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c index 572564ce23..cbefae9d70 100644 --- a/ext/filter/logical_filters.c +++ b/ext/filter/logical_filters.c @@ -24,6 +24,8 @@ #include "ext/standard/url.h" #include "ext/pcre/php_pcre.h" +#include "zend_multiply.h" + #if HAVE_ARPA_INET_H # include #endif diff --git a/ext/standard/math.c b/ext/standard/math.c index d9edc7386e..c957ca4698 100644 --- a/ext/standard/math.c +++ b/ext/standard/math.c @@ -23,6 +23,7 @@ #include "php.h" #include "php_math.h" +#include "zend_multiply.h" #include #include