Skip to content

ext/bcmath: Prevent overflow of uint32_t/uint64_t #14297

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 22, 2024
Merged

ext/bcmath: Prevent overflow of uint32_t/uint64_t #14297

merged 3 commits into from
May 22, 2024

Conversation

SakiTakamachi
Copy link
Member

If add more than a certain number of times, it will overflow, so need to adjust the digits before adding.

@SakiTakamachi
ext/bcmath: Prevent overflow of uint32_t/uint64_t.
0a1de07 
If add more than a certain number of times, it will overflow, so need to adjust
the digits before adding.
nielsdos
nielsdos reviewed May 22, 2024
View reviewed changes
Copy link
Member

@nielsdos nielsdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice approach and good catch, thanks!

ext/bcmath/libbcmath/src/recmul.c Outdated
#include "private.h" /* For _bc_rm_leading_zeros() */
#include "zend_alloc.h"


#if SIZEOF_SIZE_T >= 8
# define BC_MUL_UINT_DIGITS 8
# define BC_MUL_UINT_OVERFLOW 100000000
# define BC_MUL_UINT_OVERFLOW (BC_UINT_T) 100000000
# define BC_MUL_MAX_ADD_COUNT (ULONG_MAX / (BC_MUL_UINT_OVERFLOW * BC_MUL_UINT_OVERFLOW))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that the size of a long is not necessarily the size of size_t.
I think I prefer a single definition:
#define BC_MUL_MAX_ADD_COUNT (~((BC_UINT_T) 0) / (BC_MUL_UINT_OVERFLOW * BC_MUL_UINT_OVERFLOW))

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's cool! thx

nielsdos
nielsdos approved these changes May 22, 2024
View reviewed changes
Copy link
Member

@nielsdos nielsdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems right to me, thanks Saki!

@SakiTakamachi SakiTakamachi marked this pull request as ready for review May 22, 2024 16:20
@SakiTakamachi SakiTakamachi requested a review from Girgias as a code owner May 22, 2024 16:20
@SakiTakamachi
Copy link
Member Author

I'll merge this after CI passes

@SakiTakamachi SakiTakamachi merged commit 8734a9a into php:master May 22, 2024
9 of 10 checks passed
@SakiTakamachi SakiTakamachi mentioned this pull request May 22, 2024
Merged
@SakiTakamachi SakiTakamachi deleted the fix_bcmul_overflow branch May 22, 2024 23:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nielsdos nielsdos nielsdos approved these changes

@Girgias Girgias Girgias approved these changes

Assignees
No one assigned
Labels
Extension: bcmath
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SakiTakamachi @nielsdos @Girgias