]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b219488)
Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer)
authorDmitry Stogov <dmitry@php.net>
Tue, 31 Mar 2009 10:02:51 +0000 (10:02 +0000)
committerDmitry Stogov <dmitry@php.net>
Tue, 31 Mar 2009 10:02:51 +0000 (10:02 +0000)
ext/filter/logical_filters.c patch | blob | history
ext/filter/tests/bug47745.phpt [new file with mode: 0644] patch | blob

diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 3f9e25839c45ee63f4969e1b9d9e898e435dd62e..6fdc37b55804485479d5d3c2d0d2ea52a8e7adc0 100644 (file)
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -74,14 +74,12 @@
 
 static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
        long ctx_value;
-       long sign = 1;
+       long sign = 0;
        const char *end = str + str_len;
-       double dval;
-       long overflow;
 
        switch (*str) {
                case '-':
-                       sign = -1;
+                       sign = 1;
                case '+':
                        str++;
                default:
@@ -95,22 +93,29 @@ static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret
                return -1;
        }
 
+       if ((end - str > MAX_LENGTH_OF_LONG - 1) /* number too long */
+        || (SIZEOF_LONG == 4 && end - str == MAX_LENGTH_OF_LONG - 1 && *str > '2')) {
+               /* overflow */
+               return -1;
+       }
+
        while (str < end) {
                if (*str >= '0' && *str <= '9') {
-                       ZEND_SIGNED_MULTIPLY_LONG(ctx_value, 10, ctx_value, dval, overflow);
-                       if (overflow) {
-                               return -1;
-                       }
-                       ctx_value += ((*(str++)) - '0');
-                       if (ctx_value & LONG_SIGN_MASK) {
-                               return -1;
-                       }
+                       ctx_value = (ctx_value * 10) + (*(str++) - '0');                                                                \
                } else {
                        return -1;
                }
        }
+       if (sign) {
+               ctx_value = -ctx_value;
+               if (ctx_value > 0) { /* overflow */
+                       return -1;
+               }
+       } else if (ctx_value < 0) { /* overflow */
+               return -1;
+       }
 
-       *ret = ctx_value * sign;
+       *ret = ctx_value;
        return 1;
 }
 /* }}} */
diff --git a/ext/filter/tests/bug47745.phpt b/ext/filter/tests/bug47745.phpt
new file mode 100644 (file)
index 0000000..a8656fd
--- /dev/null
+++ b/ext/filter/tests/bug47745.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer)
+--FILE--
+<?php
+$s = (string)(-PHP_INT_MAX-1);
+var_dump(intval($s));
+var_dump(filter_var($s, FILTER_VALIDATE_INT));
+?>
+--EXPECTF--
+int(-%d)
+int(-%d)
Unnamed repository; edit this file 'description' to name the repository.