From f4bf97596266651de0e6d3145b75b8162ceb33ec Mon Sep 17 00:00:00 2001
From: George Peter Banyard
Date: Tue, 11 Jul 2023 16:14:18 +0100
Subject: [PATCH 1/2] ext/posix: posix_isatty() fix use-of-uninitialized-value

When the value passed is not representable as an int then it is not a TTY and thus should return false immediately. Moreover, we need to actually retrieve the zend_long from the zval. This was reported by MSAN.
---
 ext/posix/posix.c | 3 ++-
 ext/posix/tests/posix_isatty_manual_zpp.phpt | 4 ----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index 4ba3588a63a1b..6a2ea55c7a0b4 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -516,8 +516,9 @@ PHP_FUNCTION(posix_isatty)
 if (!zend_parse_arg_long(z_fd, &fd, /* is_null */ NULL, /* check_null */ false, /* arg_num */ 1)) {
 php_error_docref(NULL, E_WARNING, "Argument #1 ($file_descriptor) must be of type int|resource, %s given",
 zend_zval_value_name(z_fd));
- fd = zval_get_long(z_fd);
+ RETURN_FALSE;
 }
+ fd = zval_get_long(z_fd);
 }

 /* A valid file descriptor must fit in an int and be positive */
diff --git a/ext/posix/tests/posix_isatty_manual_zpp.phpt b/ext/posix/tests/posix_isatty_manual_zpp.phpt
index 6a20801af208d..11843189f3d6f 100644
--- a/ext/posix/tests/posix_isatty_manual_zpp.phpt
+++ b/ext/posix/tests/posix_isatty_manual_zpp.phpt
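Review bot: In the ext/posix/posix.c hunk, the new `RETURN_FALSE;` in the failed-parse branch of posix_isatty() has no comment explaining why the function must stop there. Per the commit message, carrying on with a value that is not representable as an int is what produced the MSAN use-of-uninitialized-value report. I would put `/* Not an int, so not a TTY: bail out before fd is read */` directly above the return, so a later refactor does not turn the branch back into a fall-through. The declaration of `fd` and the range check announced by the trailing comment are outside the hunk, so whether `fd` has an initializer cannot be confirmed from here. If it does not, this return is the only guard on the warning path.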
@@ -58,13 +58,9 @@ Warning: posix_isatty(): Argument #1 ($file_descriptor) must be of type int|reso
 bool(false)
 class:
 Warning: posix_isatty(): Argument #1 ($file_descriptor) must be of type int|resource, stdClass given in %s on line %d
-
-Warning: Object of class stdClass could not be converted to int in %s on line %d
 bool(false)
 stringable class:
 Warning: posix_isatty(): Argument #1 ($file_descriptor) must be of type int|resource, classWithToString given in %s on line %d
-
-Warning: Object of class classWithToString could not be converted to int in %s on line %d
 bool(false)
 int castable class:
 Warning: posix_isatty(): Argument #1 ($file_descriptor) must be of type int|resource, GMP given in %s on line %d
From 897c30b01cc4edea0617b4cc4b0672410b6361af Mon Sep 17 00:00:00 2001
From: George Peter Banyard
Date: Tue, 11 Jul 2023 16:26:54 +0100
Subject: [PATCH 2/2] Remove redundandant alloc

---
 ext/posix/posix.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index 6a2ea55c7a0b4..8d8c608ef2b17 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -518,7 +518,6 @@ PHP_FUNCTION(posix_isatty)
 zend_zval_value_name(z_fd));
 RETURN_FALSE;
 }
- fd = zval_get_long(z_fd);
 }

 /* A valid file descriptor must fit in an int and be positive */