]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4458f3b)
fix stack overflow in php_intlog10abs()
authorNuno Lopes <nlopess@php.net>
Fri, 11 May 2012 16:50:29 +0000 (12:50 -0400)
committerNuno Lopes <nlopess@php.net>
Fri, 11 May 2012 17:07:21 +0000 (13:07 -0400)
bug uncovered by LLVM/clang's new -fbounds-checking switch
this patch fixes a crash in ext/standard/tests/math/round_large_exp.phpt

ext/standard/math.c patch | blob | history

diff --git a/ext/standard/math.c b/ext/standard/math.c
index 302fbdae488f1f188fe370490f17a4a2ce3f9450..65187f6fa10f32832c23359eae2a12f9a3516c34 100644 (file)
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -37,7 +37,7 @@ static inline int php_intlog10abs(double value) {
        int result;
        value = fabs(value);
 
-       if (value < 1e-8 || value > 1e23) {
+       if (value < 1e-8 || value > 1e22) {
                result = (int)floor(log10(value));
        } else {
                static const double values[] = {
@@ -46,7 +46,7 @@ static inline int php_intlog10abs(double value) {
                        1e8,  1e9,  1e10, 1e11, 1e12, 1e13, 1e14, 1e15,
                        1e16, 1e17, 1e18, 1e19, 1e20, 1e21, 1e22};
                /* Do a binary search with 5 steps */
-               result = 16;
+               result = 15;
                if (value < values[result]) {
                        result -= 8;
                } else {
Unnamed repository; edit this file 'description' to name the repository.