UBSan address overflowed in ext/pcre/php_pcre.c #16184

Closed
YuanchengJiang opened this issue Oct 3, 2024 · 1 comment
Comments

@YuanchengJiang

Description

The following code:

<?php
$string = 'This is a string. It contains numbers (0*9) as well as parentheses and some other things!';
$fusion = preg_replace(array('/\b\w{1}s/', '/(\d{1})*(\d{1})/', '/[\(!\)]/'), array('test', '$1 to $2', '*'), $string);

Resulted in this output:

/php-src/ext/pcre/php_pcre.c:1753:49: runtime error: addition of unsigned offset to 0x7fefcf8491f8 overflowed to 0x7fefcf8491f7
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/pcre/php_pcre.c:1753:49

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

@nielsdos
Member

nielsdos commented Oct 3, 2024

Looks like the offset for the copy is incorrectly used.
Edit: oh it's just the offset being -1. I'll check tonight what we need to do in that case.

@nielsdos nielsdos self-assigned this Oct 3, 2024
nielsdos added a commit to nielsdos/php-src that referenced this issue Oct 3, 2024
libpcre2 can return the special value -1 for a non-match.
In this case we get pointer overflow, although it doesn't matter in
practice because the pointer will be in bounds and the copy length will
be 0. Still, we should fix the UBSAN warning.
nielsdos added a commit that referenced this issue Oct 3, 2024
* PHP-8.2:
  Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c
nielsdos added a commit that referenced this issue Oct 3, 2024
* PHP-8.3:
  Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c
nielsdos added a commit that referenced this issue Oct 3, 2024
* PHP-8.4:
  Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c
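
The pattern discussed in this thread, as an added example that is not part of the issue or of php-src: a PCRE2-style ovector marks a capture group that did not participate with the all-ones value (libpcre2's `PCRE2_UNSET`), and the sentinel is tested before any pointer is formed from it. The names `OFFSET_UNSET`, `append_group` and `expand_demo`, the subject `"0*9"` and the ovector contents are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* libpcre2 defines PCRE2_UNSET as (~(PCRE2_SIZE)0), i.e. (size_t)-1. */
#define OFFSET_UNSET (~(size_t)0)

/* Hypothetical helper: append capture group `group` of `subject` to `out`.
 * Requires len <= cap. Returns the new length, or SIZE_MAX if out is full. */
static size_t append_group(char *out, size_t len, size_t cap,
                           const char *subject, const size_t *ovector, size_t group)
{
    size_t start = ovector[2 * group];
    size_t end   = ovector[2 * group + 1];

    /* Unguarded code would compute `subject + start` here. With start ==
     * (size_t)-1 that addition wraps (the UBSan report), even though the
     * copy length end - start is 0. Test the sentinel first instead. */
    if (start == OFFSET_UNSET || end == OFFSET_UNSET || end < start)
        return len;                 /* group did not participate: copy nothing */
    if (end - start > cap - len)
        return SIZE_MAX;
    memcpy(out + len, subject + start, end - start);
    return len + (end - start);
}

/* Expands "$1 to $2" for a constructed match of /(\d{1})*(\d{1})/ on "0*9":
 * group 1 is unset, group 2 is "0". Returns length written, or SIZE_MAX. */
size_t expand_demo(char *out, size_t cap)
{
    static const char subject[] = "0*9";    /* constructed input */
    static const size_t ovector[] = { 0, 1, OFFSET_UNSET, OFFSET_UNSET, 0, 1 };
    size_t n = append_group(out, 0, cap, subject, ovector, 1);

    if (n == SIZE_MAX || cap - n < 4) return SIZE_MAX;
    memcpy(out + n, " to ", 4);
    n = append_group(out, n + 4, cap, subject, ovector, 2);
    if (n == SIZE_MAX || n >= cap) return SIZE_MAX;
    out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[16];
    size_t n = expand_demo(buf, sizeof buf);
    if (n != SIZE_MAX) printf("[%s] (%zu bytes)\n", buf, n);
    return n == SIZE_MAX;
}
```

Building with `-fsanitize=undefined` stays silent for this version because the unset offset never reaches pointer arithmetic.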