Skip to content

[random] Suppress UBSan #9060

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

[random] Suppress UBSan #9060

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9fe30a1
random: suppress UBSan
zeriyoshi Jul 20, 2022
9eb0ae8
fix: no_sanitize attribute requires GCC 8 or higher
zeriyoshi Jul 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions ext/random/random.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,14 @@

#if __has_feature(memory_sanitizer)
# include <sanitizer/msan_interface.h>
# define MSAN_UNPOISON(ptr, size) __msan_unpoison((ptr), (size));
Copy link
Contributor

@guilliamxavier guilliamxavier Jul 20, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

trailing semicolon to remove? (but why touch this part anyway?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is because we initially used a similar macro branch. Revert back to the original.

#else
# define MSAN_UNPOISON(ptr, size)
#endif
#if __has_feature(undefined_behavior_sanitizer) || ZEND_GCC_VERSION >= 8000
# define UBSAN_SUPPRESS_SIGNED_INTEGER_OVERFLOW __attribute__((no_sanitize("signed-integer-overflow")))
#else
# define UBSAN_SUPPRESS_SIGNED_INTEGER_OVERFLOW
#endif

#include "random_arginfo.h"
Expand Down Expand Up @@ -317,7 +325,7 @@ PHPAPI zend_object *php_random_engine_common_clone_object(zend_object *object)
}

/* {{{ php_random_range */
PHPAPI zend_long php_random_range(const php_random_algo *algo, php_random_status *status, zend_long min, zend_long max)
UBSAN_SUPPRESS_SIGNED_INTEGER_OVERFLOW PHPAPI zend_long php_random_range(const php_random_algo *algo, php_random_status *status, zend_long min, zend_long max)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we not avoid this undefined behavior by using unsigned integers and only then casting them to signed? I think all we might need is:

return (zend_long) (rand_range64(algo, status, umax) + min);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Related, php_random_int does umax = (zend_ulong) max - (zend_ulong) min;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iluuu1994 @guilliamxavier
I had BC break concerns about this, but apparently my fears were unfounded. I will correct it to the appropriate form. Thanks!

$ docker run --rm -it arm64v8/php:8.1-cli -r 'mt_srand(1234); echo mt_rand(PHP_INT_MIN, PHP_INT_MAX) . PHP_EOL;'
-5690461752414248237
$ docker run --rm -it amd64/php:8.1-cli -r 'mt_srand(1234); echo mt_rand(PHP_INT_MIN, PHP_INT_MAX) . PHP_EOL;'
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
-5690461752414248237

{
zend_ulong umax = max - min;

Expand Down Expand Up @@ -539,10 +547,8 @@ PHPAPI int php_random_bytes(void *bytes, size_t size, bool should_throw)
}
}

# if __has_feature(memory_sanitizer)
/* MSan does not instrument manual syscall invocations. */
__msan_unpoison(bytes + read_bytes, n);
# endif
MSAN_UNPOISON(bytes + read_bytes, n);
read_bytes += (size_t) n;
}
# endif
Expand Down