Segmentation fault (address overflow) in ext/bcmath/libbcmath/src/div.c:55 #16394

Open
YuanchengJiang opened this issue Oct 12, 2024 · 2 comments

@YuanchengJiang

Description

The following code:

<?php
bcdiv(1,300,1);

Resulted in this output:

/php-src/ext/bcmath/libbcmath/src/div.c:55:7: runtime error: addition of unsigned offset to 0x7f4af5c02120 overflowed to 0x7f4af5c02118

PHP Version

nightly

Operating System

ubuntu 22.04

@nielsdos
Member

Likely related to #16262

@cmb69
Member

cmb69 commented Oct 12, 2024

Not sure. This one fails due to unsigned underflow in bc_fast_div() (bc_standard_div() would have the same issue):

size_t numerator_top_index = numerator_arr_size - 1;

As such, it is more related to #16265.

While #16262 fails due to unsigned underflow earlier:

size_t numerator_readable_len = numeratorend - numeratorptr + 1;
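
An added illustration of the unsigned underflow pattern discussed in this thread (not php-src code and not written by any participant). The function names are hypothetical, and the 8-byte element size is an assumption inferred from the 8-byte gap between the two addresses in the sanitizer report; a 64-bit target is also assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern (size - 1 stored in a size_t): wraps to SIZE_MAX when
 * the size is 0. Unsigned wrap is well-defined, so nothing traps here. */
static size_t top_index_unchecked(size_t arr_size)
{
    return arr_size - 1;
}

/* Guarded form: reject an empty array instead of producing a wrapped index. */
static bool top_index_checked(size_t arr_size, size_t *out)
{
    if (arr_size == 0) {
        return false;
    }
    *out = arr_size - 1;
    return true;
}

/* Address that base[index] would resolve to, computed in integer arithmetic
 * so this demo never forms an out-of-bounds pointer itself. */
static uintptr_t element_address(uintptr_t base, size_t index, size_t elem_size)
{
    return base + (uintptr_t)index * (uintptr_t)elem_size;
}

int main(void)
{
    /* Base address copied from the sanitizer report; element size assumed. */
    const uintptr_t base = (uintptr_t)0x7f4af5c02120ULL;
    size_t idx = top_index_unchecked(0);
    size_t safe = 0;

    printf("wrapped index: %zu\n", idx);
    printf("address:       0x%llx\n",
           (unsigned long long)element_address(base, idx, 8));
    printf("checked(0) ok: %d\n", top_index_checked(0, &safe));
    return 0;
}
```

With a wrapped index the computed address lands 8 bytes below the base, which matches the "overflowed to" address in the report above.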
