php-gmp is using a version of libgmp that terminates the process on several operations #18819

Closed
@sha0coder

Description

Unexpected mpz overflow, in the libgmp version used on php-gmp

The following code:

~ ❯❯❯ php8.4 -a    ✘ 134
Interactive shell

php > $trigger=0xfffffffff; $a = gmp_init("241"); $b = 137;  $a =  gmp_mul($a, gmp_pow(2, $b));   $a = gmp_strval( gmp_pow( $b, $trigger));  echo $a . "\n";

Resulted in this output:

gmp: overflow in mpz type
fish: Job 1, 'php8.4 -a' terminated by signal SIGABRT (Abort)

php-gmp is using a version of the libgmp library in which __gmpz_n_pow_ui triggers abort() in specific cases.
They use a MUL instruction and check whether rdx>0, then abort the process.

If $trigger is 0xffffffff --> consumes resources infinitely (probably because my php.ini's memory_limit = -1)

If $trigger is 0xfffffffff -> the abort() call ends the PHP process.

Regards.

PHP Version

PHP 8.4.7 (cli) (built: May  9 2025 06:54:08) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.4.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.4.7, Copyright (c), by Zend Technologies

Operating System

pop-os
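
Calling code can avoid both outcomes reported above (the abort() and the unbounded resource use) by bounding the result size before it calls gmp_pow(). The following is an added example, not code from the issue or from php-src: safe_gmp_pow() and MAX_RESULT_BITS are hypothetical names, the cap is an assumed value, and it assumes 64-bit PHP 8 with ext-gmp.

```php
<?php
declare(strict_types=1);

// Assumed cap on the size of any single result: 2^24 bits (2 MiB).
const MAX_RESULT_BITS = 1 << 24;

// Hypothetical wrapper: refuse exponentiations whose result cannot fit the
// cap, so libgmp is never asked to size a result it would abort() on.
function safe_gmp_pow(GMP|int|string $base, int $exp): GMP
{
    if ($exp < 0) {
        throw new ValueError('exponent must be non-negative');
    }
    $base = $base instanceof GMP ? $base : gmp_init($base);
    $abs  = gmp_abs($base);

    // 0, 1 and -1 never grow, whatever the exponent.
    if (gmp_cmp($abs, 1) <= 0) {
        return gmp_pow($base, $exp);
    }

    // |base| < 2^bits, so |base|^exp < 2^(bits * exp).
    // Comparing via intdiv() avoids overflowing the product itself.
    $bits = strlen(gmp_strval($abs, 2));
    if ($exp > intdiv(MAX_RESULT_BITS, $bits)) {
        throw new OverflowException(
            "gmp_pow result would need up to {$bits} * {$exp} bits, cap is " . MAX_RESULT_BITS
        );
    }
    return gmp_pow($base, $exp);
}

// Constructed inputs: a small exponent, then the two $trigger values from the report.
foreach ([64, 0xffffffff, 0xfffffffff] as $trigger) {
    try {
        $r = safe_gmp_pow(137, $trigger);
        echo "137^{$trigger}: ", strlen(gmp_strval($r)), " decimal digits\n";
    } catch (OverflowException $e) {
        echo "137^{$trigger}: rejected (", $e->getMessage(), ")\n";
    }
}
```

The bound is conservative: it uses the bit length of the base rather than its exact logarithm, so it may reject a result slightly under the cap but never admits one over it.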
