mirror of
https://github.com/php/php-src.git
synced 2026-03-27 01:32:22 +01:00
998ede7123
This fixes:
==374077== Use of uninitialised value of size 8
==374077== at 0x532B06: generate (engine_user.c:39)
==374077== by 0x533F71: zim_Random_Randomizer_getBytes (randomizer.c:152)
==374077== by 0x7F581D: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1885)
==374077== by 0x8725BE: execute_ex (zend_vm_execute.h:55930)
==374077== by 0x877DB4: zend_execute (zend_vm_execute.h:60253)
==374077== by 0x7B0FD4: zend_execute_scripts (zend.c:1770)
==374077== by 0x6F1647: php_execute_script (main.c:2535)
==374077== by 0x937DA4: do_cli (php_cli.c:964)
==374077== by 0x938C3A: main (php_cli.c:1333)
==374077==
==374077== Invalid read of size 8
==374077== at 0x532B06: generate (engine_user.c:39)
==374077== by 0x533F71: zim_Random_Randomizer_getBytes (randomizer.c:152)
==374077== by 0x7F581D: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1885)
==374077== by 0x8725BE: execute_ex (zend_vm_execute.h:55930)
==374077== by 0x877DB4: zend_execute (zend_vm_execute.h:60253)
==374077== by 0x7B0FD4: zend_execute_scripts (zend.c:1770)
==374077== by 0x6F1647: php_execute_script (main.c:2535)
==374077== by 0x937DA4: do_cli (php_cli.c:964)
==374077== by 0x938C3A: main (php_cli.c:1333)
==374077== Address 0x11 is not stack'd, malloc'd or (recently) free'd
76 lines
2.1 KiB
C
76 lines
2.1 KiB
C
/*
|
|
+----------------------------------------------------------------------+
|
|
| Copyright (c) The PHP Group |
|
|
+----------------------------------------------------------------------+
|
|
| This source file is subject to version 3.01 of the PHP license, |
|
|
| that is bundled with this package in the file LICENSE, and is |
|
|
| available through the world-wide-web at the following url: |
|
|
| https://www.php.net/license/3_01.txt |
|
|
| If you did not receive a copy of the PHP license and are unable to |
|
|
| obtain it through the world-wide-web, please send a note to |
|
|
| license@php.net so we can mail you a copy immediately. |
|
|
+----------------------------------------------------------------------+
|
|
| Author: Go Kudo <g-kudo@colopl.co.jp> |
|
|
+----------------------------------------------------------------------+
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
# include "config.h"
|
|
#endif
|
|
|
|
#include "php.h"
|
|
#include "php_random.h"
|
|
|
|
static uint64_t generate(php_random_status *status)
|
|
{
|
|
php_random_status_state_user *s = status->state;
|
|
uint64_t result = 0;
|
|
size_t size;
|
|
zval retval;
|
|
|
|
zend_call_known_instance_method_with_0_params(s->generate_method, s->object, &retval);
|
|
|
|
if (EG(exception)) {
|
|
status->last_unsafe = true;
|
|
return 0;
|
|
}
|
|
|
|
/* Store generated size in a state */
|
|
size = Z_STRLEN(retval);
|
|
|
|
/* Guard for over 64-bit results */
|
|
if (size > sizeof(uint64_t)) {
|
|
size = sizeof(uint64_t);
|
|
}
|
|
status->last_generated_size = size;
|
|
|
|
if (size > 0) {
|
|
/* Endianness safe copy */
|
|
for (size_t i = 0; i < size; i++) {
|
|
result += ((uint64_t) (unsigned char) Z_STRVAL(retval)[i]) << (8 * i);
|
|
}
|
|
} else {
|
|
status->last_unsafe = true;
|
|
return 0;
|
|
}
|
|
|
|
zval_ptr_dtor(&retval);
|
|
|
|
return result;
|
|
}
|
|
|
|
static zend_long range(php_random_status *status, zend_long min, zend_long max)
|
|
{
|
|
return php_random_range(&php_random_algo_user, status, min, max);
|
|
}
|
|
|
|
const php_random_algo php_random_algo_user = {
|
|
0,
|
|
sizeof(php_random_status_state_user),
|
|
NULL,
|
|
generate,
|
|
range,
|
|
NULL,
|
|
NULL,
|
|
};
|