fix unsafe ops

zeriyoshi · zeriyoshi · commit c26b9c3d9be2 · 2022-02-17T18:47:41.000+09:00
diff --git a/ext/random/random.c b/ext/random/random.c
@@ -603,6 +603,11 @@ static uint64_t user_generate(void *state) {
 
 	/* Store generated size in a state */
 	size = Z_STR(retval)->len;
+
+	/* Guard for over 64-bit results */
+	if (size > sizeof(uint64_t)) {
+		size = sizeof(uint64_t);
+	}
 	s->last_generate_size = size;
 
 	if (size > 0) {
diff --git a/ext/random/tests/randomizer/get_bytes.phpt b/ext/random/tests/randomizer/get_bytes.phpt
@@ -16,6 +16,7 @@ $randomizer = new \Random\Randomizer (
                 2 => 'l',
                 3 => 'l',
                 4 => 'o',
+                5 => \random_bytes(32), // 128-bit
             };
         }
     }
@@ -25,6 +26,8 @@ if ($randomizer->getBytes(5) !== 'Hello') {
     die('failure');
 }
 
+$randomizer->getBytes(6);
+
 die('success');
 ?>
 --EXPECTF--

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ $randomizer = new \Random\Randomizer (`
`16`	`16`	`2 => 'l',`
`17`	`17`	`3 => 'l',`
`18`	`18`	`4 => 'o',`
	`19`	`+ 5 => \random_bytes(32), // 128-bit`
`19`	`20`	`};`
`20`	`21`	`}`
`21`	`22`	`}`
`@@ -25,6 +26,8 @@ if ($randomizer->getBytes(5) !== 'Hello') {`
`25`	`26`	`die('failure');`
`26`	`27`	`}`
`27`	`28`
	`29`	`+$randomizer->getBytes(6);`
	`30`	`+`
`28`	`31`	`die('success');`
`29`	`32`	`?>`
`30`	`33`	`--EXPECTF--`