Commit 8f9322b

iluuu1994 iluuu1994

committed

UTF-8 validate strings before interning

1 parent bdd782e commit 8f9322bCopy full SHA for 8f9322b

File tree

6 files changed

+62

-15

lines changed

Zend
- zend_string.c
- zend_string.h
ext
- mbstring
  - mbstring.c
- opcache
  - ZendAccelerator.c
- pcre
  - php_pcre.c
- zend_test/tests
  - strings_marked_as_utf8.phpt

6 files changed

+62

-15

lines changed

`‎Zend/zend_string.c‎`

Lines changed: 46 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -180,6 +180,10 @@ static zend_always_inline zend_string zend_add_interned_string(zend_string str`
`180`	`180`	`GC_SET_REFCOUNT(str, 1);`
`181`	`181`	`GC_ADD_FLAGS(str, IS_STR_INTERNED \| flags);`
`182`	`182`
	`183`	`+ if (!ZSTR_IS_VALID_UTF8(str) && zend_string_validate_utf8(str)) {`
	`184`	`+ GC_ADD_FLAGS(str, IS_STR_VALID_UTF8);`
	`185`	`+ }`
	`186`	`+`
`183`	`187`	`ZVAL_INTERNED_STR(&val, str);`
`184`	`188`
`185`	`189`	`zend_hash_add_new(interned_strings, str, &val);`
`@@ -493,3 +497,45 @@ ZEND_API zend_string *zend_string_concat3(`
`493`	`497`
`494`	`498`	`return res;`
`495`	`499`	`}`
	`500`	`+`
	`501`	`+// Copyright (c) 2008-2009 Bjoern Hoehrmann <bjoern@hoehrmann.de>`
	`502`	`+// See http://bjoern.hoehrmann.de/utf-8/decoder/dfa/ for details.`
	`503`	`+// https://stackoverflow.com/a/22135005/1320374`
	`504`	`+`
	`505`	`+enum {`
	`506`	`+ UTF8_ACCEPT = 0,`
	`507`	`+ UTF8_REJECT = 1,`
	`508`	`+};`
	`509`	`+`
	`510`	`+static const uint8_t utf8d[] = {`
	`511`	`+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 00..1f`
	`512`	`+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 20..3f`
	`513`	`+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 40..5f`
	`514`	`+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 60..7f`
	`515`	`+ 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9, // 80..9f`
	`516`	`+ 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, // a0..bf`
	`517`	`+ 8,8,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, // c0..df`
	`518`	`+ 0xa,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x4,0x3,0x3, // e0..ef`
	`519`	`+ 0xb,0x6,0x6,0x6,0x5,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8, // f0..ff`
	`520`	`+ 0x0,0x1,0x2,0x3,0x5,0x8,0x7,0x1,0x1,0x1,0x4,0x6,0x1,0x1,0x1,0x1, // s0..s0`
	`521`	`+ 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,0,1,0,1,1,1,1,1,1, // s1..s2`
	`522`	`+ 1,2,1,1,1,1,1,2,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1, // s3..s4`
	`523`	`+ 1,2,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,3,1,3,1,1,1,1,1,1, // s5..s6`
	`524`	`+ 1,3,1,1,1,1,1,3,1,3,1,1,1,1,1,1,1,3,1,1,1,1,1,1,1,1,1,1,1,1,1,1, // s7..s8`
	`525`	`+};`
	`526`	`+`
	`527`	`+ZEND_API bool zend_string_validate_utf8(zend_string *string) {`
	`528`	`+ char *str = ZSTR_VAL(string);`
	`529`	`+ size_t len = ZSTR_LEN(string);`
	`530`	`+ uint32_t state = UTF8_ACCEPT;`
	`531`	`+`
	`532`	`+ for (size_t i = 0; i < len; i++) {`
	`533`	`+ uint32_t type = utf8d[(uint8_t)str[i]];`
	`534`	`+ state = utf8d[256 + state * 16 + type];`
	`535`	`+`
	`536`	`+ if (state == UTF8_REJECT)`
	`537`	`+ break;`
	`538`	`+ }`
	`539`	`+`
	`540`	`+ return state == UTF8_ACCEPT;`
	`541`	`+}`

`‎Zend/zend_string.h‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,8 @@ ZEND_API extern zend_string *zend_empty_string;`
`78`	`78`	`ZEND_API extern zend_string *zend_one_char_string[256];`
`79`	`79`	`ZEND_API extern zend_string **zend_known_strings;`
`80`	`80`
	`81`	`+ZEND_API bool zend_string_validate_utf8(zend_string *string);`
	`82`	`+`
`81`	`83`	`END_EXTERN_C()`
`82`	`84`
`83`	`85`	`/* Shortcuts */`

`‎ext/mbstring/mbstring.c‎`

Lines changed: 9 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -1804,7 +1804,7 @@ static size_t mb_get_strlen(zend_string string, const mbfl_encoding encoding)`
`1804`	`1804`	`unsigned int char_len = encoding->flag & (MBFL_ENCTYPE_SBCS \| MBFL_ENCTYPE_WCS2 \| MBFL_ENCTYPE_WCS4);`
`1805`	`1805`	`if (char_len) {`
`1806`	`1806`	`return ZSTR_LEN(string) / char_len;`
`1807`		`- } else if (php_mb_is_no_encoding_utf8(encoding->no_encoding) && GC_FLAGS(string)&IS_STR_VALID_UTF8) {`
	`1807`	`+ } else if (php_mb_is_no_encoding_utf8(encoding->no_encoding) && ZSTR_IS_VALID_UTF8(string)) {`
`1808`	`1808`	`return mb_fast_strlen_utf8((unsigned char*)ZSTR_VAL(string), ZSTR_LEN(string));`
`1809`	`1809`	`}`
`1810`	`1810`
`@@ -2254,7 +2254,7 @@ PHP_FUNCTION(mb_substr_count)`
`2254`	`2254`	`if (php_mb_is_no_encoding_utf8(enc->no_encoding)) {`
`2255`	`2255`	`/* No need to do any conversion if haystack/needle are already known-valid UTF-8`
`2256`	`2256`	`* (If they are not valid, then not passing them through conversion filters could affect output) */`
`2257`		`- if (GC_FLAGS(haystack)&IS_STR_VALID_UTF8) {`
	`2257`	`+ if (ZSTR_IS_VALID_UTF8(haystack)) {`
`2258`	`2258`	`haystack_u8 = haystack;`
`2259`	`2259`	`} else {`
`2260`	`2260`	`unsigned int num_errors = 0;`
`@@ -2264,7 +2264,7 @@ PHP_FUNCTION(mb_substr_count)`
`2264`	`2264`	`}`
`2265`	`2265`	`}`
`2266`	`2266`
`2267`		`- if (GC_FLAGS(needle)&IS_STR_VALID_UTF8) {`
	`2267`	`+ if (ZSTR_IS_VALID_UTF8(needle)) {`
`2268`	`2268`	`needle_u8 = needle;`
`2269`	`2269`	`} else {`
`2270`	`2270`	`unsigned int num_errors = 0;`
`@@ -3152,7 +3152,7 @@ PHP_FUNCTION(mb_detect_encoding)`
`3152`	`3152`	`strict = MBSTRG(strict_detection);`
`3153`	`3153`	`}`
`3154`	`3154`
`3155`		`- if (size == 1 && *elist == &mbfl_encoding_utf8 && (GC_FLAGS(str) &IS_STR_VALID_UTF8)) {`
	`3155`	`+ if (size == 1 && *elist == &mbfl_encoding_utf8 && ZSTR_IS_VALID_UTF8(str)) {`
`3156`	`3156`	`ret = &mbfl_encoding_utf8;`
`3157`	`3157`	`} else {`
`3158`	`3158`	`ret = mb_guess_encoding((unsigned char*)ZSTR_VAL(str), ZSTR_LEN(str), elist, size, strict);`
`@@ -5172,11 +5172,13 @@ static bool mb_fast_check_utf8_avx2(zend_string *str)`
`5172`	`5172`	`static bool mb_check_str_encoding(zend_string str, const mbfl_encoding encoding)`
`5173`	`5173`	`{`
`5174`	`5174`	`if (encoding == &mbfl_encoding_utf8) {`
`5175`		`- if (GC_FLAGS(str)&IS_STR_VALID_UTF8) {`
	`5175`	`+ if (ZSTR_IS_VALID_UTF8(str)) {`
`5176`	`5176`	`return true;`
	`5177`	`+ } else if (ZSTR_IS_INTERNED(str)) {`
	`5178`	`+ return false;`
`5177`	`5179`	`}`
`5178`	`5180`	`bool result = mb_fast_check_utf8(str);`
`5179`		`- if (result&& !ZSTR_IS_INTERNED(str)) {`
	`5181`	`+ if (result) {`
`5180`	`5182`	`GC_ADD_FLAGS(str, IS_STR_VALID_UTF8);`
`5181`	`5183`	`}`
`5182`	`5184`	`return result;`
`@@ -5439,7 +5441,7 @@ PHP_FUNCTION(mb_scrub)`
`5439`	`5441`	`RETURN_THROWS();`
`5440`	`5442`	`}`
`5441`	`5443`
`5442`		`- if (enc == &mbfl_encoding_utf8 && (GC_FLAGS(str) &IS_STR_VALID_UTF8)) {`
	`5444`	`+ if (enc == &mbfl_encoding_utf8 && ZSTR_IS_VALID_UTF8(str)) {`
`5443`	`5445`	`/* A valid UTF-8 string will not be changed by mb_scrub; so just increment the refcount and return it */`
`5444`	`5446`	`RETURN_STR_COPY(str);`
`5445`	`5447`	`}`

`‎ext/opcache/ZendAccelerator.c‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -550,6 +550,9 @@ zend_string* ZEND_FASTCALL accel_new_interned_string(zend_string *str)`
`550`	`550`	`*hash_slot = STRTAB_STR_TO_POS(&ZCSG(interned_strings), s);`
`551`	`551`	`GC_SET_REFCOUNT(s, 2);`
`552`	`552`	`GC_TYPE_INFO(s) = GC_STRING \| ((IS_STR_INTERNED \| IS_STR_PERMANENT) << GC_FLAGS_SHIFT)\| (ZSTR_IS_VALID_UTF8(str) ? IS_STR_VALID_UTF8 : 0);`
	`553`	`+ if (!ZSTR_IS_VALID_UTF8(s) && zend_string_validate_utf8(str)) {`
	`554`	`+ GC_ADD_FLAGS(s, IS_STR_VALID_UTF8);`
	`555`	`+ }`
`553`	`556`	`ZSTR_H(s) = h;`
`554`	`557`	`ZSTR_LEN(s) = ZSTR_LEN(str);`
`555`	`558`	`memcpy(ZSTR_VAL(s), ZSTR_VAL(str), ZSTR_LEN(s) + 1);`

`‎ext/pcre/php_pcre.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1125,7 +1125,7 @@ static void php_do_pcre_match(INTERNAL_FUNCTION_PARAMETERS, int global) /* {{{ *`
`1125`	`1125`
`1126`	`1126`	`static zend_always_inline bool is_known_valid_utf8(`
`1127`	`1127`	`zend_string *subject_str, PCRE2_SIZE start_offset) {`
`1128`		`- if (!(GC_FLAGS(subject_str) &IS_STR_VALID_UTF8)) {`
	`1128`	`+ if (!ZSTR_IS_VALID_UTF8(subject_str)) {`
`1129`	`1129`	`/* We don't know whether the string is valid UTF-8 or not. */`
`1130`	`1130`	`return 0;`
`1131`	`1131`	`}`

`‎ext/zend_test/tests/strings_marked_as_utf8.phpt‎`

Lines changed: 1 addition & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,12 +47,6 @@ $s = "f" . "o";`
`47`	`47`	`var_dump($s);`
`48`	`48`	`var_dump(zend_test_is_string_marked_as_valid_utf8($s));`
`49`	`49`
`50`		`-// The "foo" string matches with a "Foo" class which is registered by the zend_test extension.`
`51`		`-// That class name does not have the "valid UTF-8" flag because class names in general`
`52`		`-// don't have to be UTF-8. As the "foo" string here goes through the interning logic,`
`53`		`-// the string gets replaced by the "foo" string from the class, which does`
`54`		`-// not have the "valid UTF-8" flag. We therefore choose a different test case: "fxo".`
`55`		`-// The previous "foo" test case works because it is not interned.`
`56`	`50`	`echo "Multiple concatenation known valid UTF-8 in assignment:\n";`
`57`	`51`	`$s = "f" . "o" . "o";`
`58`	`52`	`var_dump($s);`
`@@ -167,7 +161,7 @@ string(2) "fo"`
`167`	`161`	`bool(true)`
`168`	`162`	`Multiple concatenation known valid UTF-8 in assignment:`
`169`	`163`	`string(3) "foo"`
`170`		`-bool(false)`
	`164`	`+bool(true)`
`171`	`165`	`string(3) "fxo"`
`172`	`166`	`bool(true)`
`173`	`167`	`Concatenation known valid UTF-8 string with empty string in variables:`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 8f9322b

File tree

6 files changed

6 files changed

`‎Zend/zend_string.c‎`

`‎Zend/zend_string.h‎`

`‎ext/mbstring/mbstring.c‎`

`‎ext/opcache/ZendAccelerator.c‎`

`‎ext/pcre/php_pcre.c‎`

`‎ext/zend_test/tests/strings_marked_as_utf8.phpt‎`

0 commit comments