mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00

Fix memsize check for xxh32

Copy-paste mistake: The memsize limit for xxh32 should be 16,
rather than 32 (which is correct for xxh64).

Probably fixes oss-fuzz #29661.
Nikita Popov
2021-01-18 10:35:01 +01:00
parent 9862296d46
commit e8a0ae186f
2 changed files with 2 additions and 2 deletions


@@ -84,7 +84,7 @@ static int php_hash_xxh32_unserialize(
int r = FAILURE;
if (magic == PHP_HASH_SERIALIZE_MAGIC_SPEC
&& (r = php_hash_unserialize_spec(hash, zv, PHP_XXH32_SPEC)) == SUCCESS
&& ctx->s.memsize < 32) {
&& ctx->s.memsize < 16) {
return SUCCESS;
} else {
return r != SUCCESS ? r : -2000;
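Review bot: The bound in `&& ctx->s.memsize < 16) {` is still a bare literal, which is how the 32 from the xxh64 handler could be pasted here unnoticed. As far as the hunk shows, this comparison is what keeps a memsize taken from serialized input inside the state's internal buffer, so it is safer to derive it from the buffer itself, e.g. `&& ctx->s.memsize < sizeof(ctx->s.mem32)) {` (assuming the bundled xxhash state names that field mem32), and to do the equivalent in the xxh64 variant. A comment such as `/* memsize is an offset into the 16-byte mem32 buffer; reject values that would run past it */` would record why the limit exists. php_hash_xxh32_unserialize starts and ends outside this hunk, so how ctx is obtained is not visible here.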


@@ -4,7 +4,7 @@ xxhash memsize must be in range when unserializing
<?php
try {
$str = <<<'STR'
O:11:"HashContext":5:{i:0;s:5:"xxh32";i:1;i:0;i:2;a:12:{i:0;i:0;i:1;i:0;i:2;i:606290984;i:3;i:-2048144777;i:4;i:0;i:5;i:1640531535;i:6;i:0;i:7;i:0;i:8;i:0;i:9;i:0;i:10;i:80;i:11;i:0;}i:3;i:2;i:4;a:0:{}}
O:11:"HashContext":5:{i:0;s:5:"xxh32";i:1;i:0;i:2;a:12:{i:0;i:0;i:1;i:0;i:2;i:606290984;i:3;i:-2048144777;i:4;i:0;i:5;i:1640531535;i:6;i:0;i:7;i:0;i:8;i:0;i:9;i:0;i:10;i:30;i:11;i:0;}i:3;i:2;i:4;a:0:{}}
STR;
$hash = unserialize($str);
hash_update($hash, '');
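Review bot: The payload probes only one value inside the gap the old check left open: the second printed string sets what appears to be the memsize slot (`i:10`) to 30, so neither the first rejected value (16) nor the last accepted one (15) is pinned. A second case with `i:10;i:16` expecting the same rejection, plus one with `i:10;i:15` that is expected to load, would catch an off-by-one in the limit. A one-line comment above the heredoc, e.g. `// slot 10 is memsize; 30 is past the xxh32 buffer but below the xxh64 limit`, would explain why this number was chosen. The rest of the test (the catch and the expected output) lies outside the visible lines.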