MFH: Fixed overflow crash (at least on Windows) in div_function with LONG_MIN / -1
authorMatt Wilmas <mattwil@php.net>
Thu, 29 May 2008 11:45:28 +0000 (11:45 +0000)
committerMatt Wilmas <mattwil@php.net>
Thu, 29 May 2008 11:45:28 +0000 (11:45 +0000)
Zend/zend_operators.c

index 69131061280a4595929c6b06a89eeb45f212ae0c..a2eeef6a2e45ec4295fee4ac0eea5c0136a3318e 100644 (file)
@@ -891,6 +891,11 @@ ZEND_API int div_function(zval *result, zval *op1, zval *op2 TSRMLS_DC)
                return FAILURE;                 /* division by zero */
        }
        if (op1->type == IS_LONG && op2->type == IS_LONG) {
+               if (Z_LVAL_P(op2) == -1 && Z_LVAL_P(op1) == LONG_MIN) {
+                       /* Prevent overflow error/crash */
+                       ZVAL_DOUBLE(result, (double) LONG_MIN / -1);
+                       return SUCCESS;
+               }
                if (op1->value.lval % op2->value.lval == 0) { /* integer */
                        result->type = IS_LONG;
                        result->value.lval = op1->value.lval / op2->value.lval;
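Review bot: The comment `/* Prevent overflow error/crash */` on the new guard does not say which operation overflows, or why the guard has to sit ahead of the `%` test on the following line. With these operands both `LONG_MIN % -1` and `LONG_MIN / -1` are signed overflow (undefined behaviour in C, typically a divide trap on x86), so the placement is load-bearing. I would word it as `/* LONG_MIN / -1 and LONG_MIN % -1 overflow long (UB, traps on x86); return the float result before either is evaluated */`. The integer modulus operator path for the same operand pair is not visible in this hunk and presumably needs an equivalent check if it applies `%` to raw longs; that is worth confirming, together with a regression test for both operators, since script-supplied operands could otherwise crash the process. div_function's body starts and ends outside the hunk.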