zend_long: Remove ZEND_LTOA() (#20236)

* zend_long: Remove `ZEND_LTOA()` This macro is unsafe when the given buffer is too small, since `snprintf()` returns the *required* length of the string if it would fit. Thus unconditionally writing a NUL there might result in a out-of-bounds write. * zend_long: Remove `ZEND_LTOA_BUF_LEN`
2026-03-24 00:02:20 +01:00 · 2025-10-20 08:36:41 +02:00
parent e6c52bc26a
commit 1ef7abf2be
3 changed files with 5 additions and 17 deletions
--- a/UPGRADING.INTERNALS
+++ b/UPGRADING.INTERNALS
@@ -29,6 +29,9 @@ PHP 8.6 INTERNALS UPGRADE NOTES
  . CHECK_ZVAL_NULL_PATH() and CHECK_NULL_PATH() have been removed, use
    zend_str_has_nul_byte(Z_STR_P(...)) and zend_char_has_nul_byte()
    respectively.
+  . ZEND_LTOA() (and ZEND_LTOA_BUF_LEN) has been removed, as it was
+    unsafe. Directly use ZEND_LONG_FMT with a function from the
+    printf family.

 ========================
 2. Build system changes
--- a/Zend/zend_long.h
+++ b/Zend/zend_long.h
@@ -51,9 +51,6 @@ typedef int32_t zend_off_t;
 #endif


-/* Conversion macros. */
-#define ZEND_LTOA_BUF_LEN 65
-
 #ifdef ZEND_ENABLE_ZVAL_LONG64
 # define ZEND_LONG_FMT "%" PRId64
 # define ZEND_ULONG_FMT "%" PRIu64
@@ -61,7 +58,6 @@ typedef int32_t zend_off_t;
 # define ZEND_LONG_FMT_SPEC PRId64
 # define ZEND_ULONG_FMT_SPEC PRIu64
 # ifdef ZEND_WIN32
-#  define ZEND_LTOA(i, s, len) _i64toa_s((i), (s), (len), 10)
 #  define ZEND_ATOL(s) _atoi64((s))
 #  define ZEND_STRTOL(s0, s1, base) _strtoi64((s0), (s1), (base))
 #  define ZEND_STRTOUL(s0, s1, base) _strtoui64((s0), (s1), (base))
@@ -69,11 +65,6 @@ typedef int32_t zend_off_t;
 #  define ZEND_STRTOUL_PTR _strtoui64
 #  define ZEND_ABS _abs64
 # else
-#  define ZEND_LTOA(i, s, len) \
-	do { \
-		int st = snprintf((s), (len), ZEND_LONG_FMT, (i)); \
-		(s)[st] = '\0'; \
- 	} while (0)
 #  define ZEND_ATOL(s) atoll((s))
 #  define ZEND_STRTOL(s0, s1, base) strtoll((s0), (s1), (base))
 #  define ZEND_STRTOUL(s0, s1, base) strtoull((s0), (s1), (base))
@@ -90,14 +81,8 @@ typedef int32_t zend_off_t;
 # define ZEND_LONG_FMT_SPEC PRId32
 # define ZEND_ULONG_FMT_SPEC PRIu32
 # ifdef ZEND_WIN32
-#  define ZEND_LTOA(i, s, len) _ltoa_s((i), (s), (len), 10)
 #  define ZEND_ATOL(s) atol((s))
 # else
-#  define ZEND_LTOA(i, s, len) \
-	do { \
-		int st = snprintf((s), (len), ZEND_LONG_FMT, (i)); \
-		(s)[st] = '\0'; \
- 	} while (0)
 #  define ZEND_ATOL(s) atol((s))
 # endif
 # define ZEND_STRTOL_PTR strtol
--- a/ext/standard/hrtime.c
+++ b/ext/standard/hrtime.c
@@ -31,9 +31,9 @@
 	} while (0)
 #endif
 #define PHP_RETURN_HRTIME(t) do { \
-	char _a[ZEND_LTOA_BUF_LEN]; \
+	char _a[65]; \
 	double _d; \
-	HRTIME_U64A(t, _a, ZEND_LTOA_BUF_LEN); \
+	HRTIME_U64A(t, _a, sizeof(_a)); \
 	_d = zend_strtod(_a, NULL); \
 	RETURN_DOUBLE(_d); \
 	} while (0)