--- /dev/null
+--TEST--
+Bug #54547: wrong equality of string numbers near LONG_MAX with 64-bit longs
+--SKIPIF--
+<?php
+if (PHP_INT_MAX !== 9223372036854775807)
+ die("skip for 64-bit long systems only");
+--FILE--
+<?php
+var_dump("9223372036854775807" == "9223372036854775808");
+var_dump("-9223372036854775808" == "-9223372036854775809");
+var_dump("0x7fffffffffffffff" == "9223372036854775808");
+
+/* not exactly what the bug is about, but closely related problem: */
+var_dump("999223372036854775807"=="999223372036854775808");
+var_dump("899223372036854775807">"00999223372036854775807");
+--EXPECT--
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
ZEND_API void zendi_smart_strcmp(zval *result, zval *s1, zval *s2) /* {{{ */
{
int ret1, ret2;
+ int oflow1, oflow2;
long lval1, lval2;
double dval1, dval2;
- if ((ret1=is_numeric_string(Z_STRVAL_P(s1), Z_STRLEN_P(s1), &lval1, &dval1, 0)) &&
- (ret2=is_numeric_string(Z_STRVAL_P(s2), Z_STRLEN_P(s2), &lval2, &dval2, 0))) {
+ if ((ret1=is_numeric_string_ex(Z_STRVAL_P(s1), Z_STRLEN_P(s1), &lval1, &dval1, 0, &oflow1)) &&
+ (ret2=is_numeric_string_ex(Z_STRVAL_P(s2), Z_STRLEN_P(s2), &lval2, &dval2, 0, &oflow2))) {
+ if (oflow1 != 0 && oflow1 == oflow2 && dval1 - dval2 == 0.) {
+ /* both values are integers overflown to the same side, and the
+ * double comparison may have resulted in crucial accuracy lost */
+ goto string_cmp;
+ }
if ((ret1==IS_DOUBLE) || (ret2==IS_DOUBLE)) {
if (ret1!=IS_DOUBLE) {
+ if (oflow2) {
+ /* 2nd operand is integer > LONG_MAX (oflow2==1) or < LONG_MIN (-1) */
+ ZVAL_LONG(result, -1 * oflow2);
+ return;
+ }
dval1 = (double) lval1;
} else if (ret2!=IS_DOUBLE) {
+ if (oflow1) {
+ ZVAL_LONG(result, oflow1);
+ return;
+ }
dval2 = (double) lval2;
} else if (dval1 == dval2 && !zend_finite(dval1)) {
/* Both values overflowed and have the same sign,
* if the number was out of long range or contained a decimal point/exponent.
* The number's value is returned into the respective pointer, *lval or *dval,
* if that pointer is not NULL.
+ *
+ * This variant also gives information if a string that represents an integer
+ * could not be represented as such due to overflow. It writes 1 to oflow_info
+ * if the integer is larger than LONG_MAX and -1 if it's smaller than LONG_MIN.
*/
-
-static inline zend_uchar is_numeric_string(const char *str, int length, long *lval, double *dval, int allow_errors)
+static inline zend_uchar is_numeric_string_ex(const char *str, int length, long *lval, double *dval, int allow_errors, int *oflow_info)
{
const char *ptr;
int base = 10, digits = 0, dp_or_e = 0;
return 0;
}
+ if (oflow_info != NULL) {
+ *oflow_info = 0;
+ }
+
/* Skip any whitespace
* This is much faster than the isspace() function */
while (*str == ' ' || *str == '\t' || *str == '\n' || *str == '\r' || *str == '\v' || *str == '\f') {
if (base == 10) {
if (digits >= MAX_LENGTH_OF_LONG) {
+ if (oflow_info != NULL) {
+ *oflow_info = *str == '-' ? -1 : 1;
+ }
dp_or_e = -1;
goto process_double;
}
if (dval) {
local_dval = zend_hex_strtod(str, &ptr);
}
+ if (oflow_info != NULL) {
+ *oflow_info = 1;
+ }
type = IS_DOUBLE;
}
} else if (*ptr == '.' && ZEND_IS_DIGIT(ptr[1])) {
if (dval) {
*dval = zend_strtod(str, NULL);
}
+ if (oflow_info != NULL) {
+ *oflow_info = *str == '-' ? -1 : 1;
+ }
return IS_DOUBLE;
}
}
}
+static inline zend_uchar is_numeric_string(const char *str, int length, long *lval, double *dval, int allow_errors) {
+ return is_numeric_string_ex(str, length, lval, dval, allow_errors, NULL);
+}
+
static inline char *
zend_memnstr(char *haystack, char *needle, int needle_len, char *end)
{
projects / php / commitdiff