-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signed integer overflow in s_get_apply_fn #522
Comments
What version of the extension are you using? The line numbers are off by about 50 lines from current master |
Hey, thank you for the follow-up - this is with version 3.2.0 from PECL on PHP 8.0.25. |
@mszabo-wikia can you test if this minor change is enough ?
|
ALso see pr #526 (you can try issue-522 branch) |
Thank you, I will try out the updated branch & let you know! |
The fixed branch seems to resolve the issue—I haven't yet had time to test to ensure it does not actually change the value of the flags, but this is promising! |
- Add #515 option to locally enforce payload size limit - Add #539 zstd support - Add #540 compression_level option - Mark password as a sensitive param for PHP 8.2 - Fix Windows PHP 8 compatibility - Fix #518 Windows msgpack support - Fix #522 signed integer overflow - Fix #523 incorrect PHP reflection type for Memcached::cas $cas_token - Fix #546 don't check key automatically, unless client-side verify_key is enabled - Fix #555 incompatible pointer types (32-bit)
- Add #515 option to locally enforce payload size limit - Add #539 zstd support - Add #540 compression_level option - Mark password as a sensitive param for PHP 8.2 - Fix Windows PHP 8 compatibility - Fix #518 Windows msgpack support - Fix #522 signed integer overflow - Fix #523 incorrect PHP reflection type for Memcached::cas $cas_token - Fix #546 don't check key automatically, unless client-side verify_key is enabled
While investigating an unrelated issue on a build of PHP + extensions compiled with sanitizers, I stumbled across the following UBSAN error, an apparent signed integer overflow:
I would assume this does not actually break anything as existing code has likely come to rely on the undefined behavior.
I looked into what it would take to run tests with ASAN enabled, but so far it seems it may require a PHP binary itself compiled with ASAN, which is not ideal.
The text was updated successfully, but these errors were encountered: