diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2019-04-12 16:46:23 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-04-12 16:46:23 +0200 |
commit | 3c23084cf6ea04c9fe4396c9ae7e5c1d8bb3d37e (patch) | |
tree | c2354d84bcb930997a50289bd36ca12d350029b1 /sapi/phpdbg/phpdbg_wait.c | |
parent | 4cfa4fb55d8304ffab5860e7134d0705d27b4477 (diff) | |
download | php-git-3c23084cf6ea04c9fe4396c9ae7e5c1d8bb3d37e.tar.gz |
Fix strict aliasing violation in phpdbg
By explicitly computing the message length from bytes. This also
makes sure that the length is interpreted in an endianness-independent
manner.
Diffstat (limited to 'sapi/phpdbg/phpdbg_wait.c')
-rw-r--r-- | sapi/phpdbg/phpdbg_wait.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/sapi/phpdbg/phpdbg_wait.c b/sapi/phpdbg/phpdbg_wait.c index 738b4669f2..69be24a953 100644 --- a/sapi/phpdbg/phpdbg_wait.c +++ b/sapi/phpdbg/phpdbg_wait.c @@ -379,21 +379,25 @@ PHPDBG_COMMAND(wait) /* {{{ */ return FAILURE; } - char msglen[5]; - int recvd = 4; + unsigned char msglen_buf[4]; + int needed = 4; do { - recvd -= recv(sr, &(msglen[4 - recvd]), recvd, 0); - } while (recvd > 0); + needed -= recv(sr, &msglen_buf[4 - needed], needed, 0); + } while (needed > 0); - recvd = *(size_t *) msglen; - char *data = emalloc(recvd); + uint32_t msglen = (msglen_buf[3] << 24) + | (msglen_buf[2] << 16) + | (msglen_buf[1] << 8) + | (msglen_buf[0] << 0); + char *data = emalloc(msglen); + needed = msglen; do { - recvd -= recv(sr, &(data[(*(int *) msglen) - recvd]), recvd, 0); - } while (recvd > 0); + needed -= recv(sr, &(data[msglen - needed]), needed, 0); + } while (needed > 0); - phpdbg_webdata_decompress(data, *(int *) msglen); + phpdbg_webdata_decompress(data, msglen); if (PHPDBG_G(socket_fd) != -1) { close(PHPDBG_G(socket_fd)); |