]> granicus.if.org Git - php/commitdiff
MFH: Fixed bug #45877 (Array key '2147483647' left as string)
authorMatt Wilmas <mattwil@php.net>
Thu, 14 May 2009 01:28:15 +0000 (01:28 +0000)
committerMatt Wilmas <mattwil@php.net>
Thu, 14 May 2009 01:28:15 +0000 (01:28 +0000)
NEWS
Zend/tests/bug45877.phpt [new file with mode: 0644]
Zend/zend.h
Zend/zend_hash.h
Zend/zend_operators.h

diff --git a/NEWS b/NEWS
index 054e5bef2755b3392a8f098261b69c44f0ff8661..87560a912f6aef1488621010ec68c06e2037cadd 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -83,6 +83,7 @@ PHP                                                                        NEWS
   different bit numbers). (Matt)
 - Fixed bug #45997 (safe_mode bypass with exec/system/passthru (windows only)).
   (Pierre)
+- Fixed bug #45877 (Array key '2147483647' left as string). (Matt)
 - Fixed bug #45822 (Near infinite-loops while parsing huge relative offsets).
   (Derick, Mike Sullivan)
 - Fixed bug #45799 (imagepng() crashes on empty image). (Martin McNickle,
diff --git a/Zend/tests/bug45877.phpt b/Zend/tests/bug45877.phpt
new file mode 100644 (file)
index 0000000..2703770
--- /dev/null
@@ -0,0 +1,23 @@
+--TEST--
+Bug #45877 (Array key '2147483647' left as string)
+--INI--
+precision=20
+--FILE--
+<?php
+$keys = array(PHP_INT_MAX,
+       (string) PHP_INT_MAX,
+       (string) (-PHP_INT_MAX - 1),
+       -PHP_INT_MAX - 1,
+       (string) (PHP_INT_MAX + 1));
+
+var_dump(array_fill_keys($keys, 1));
+?>
+--EXPECTF--
+array(3) {
+  [%d7]=>
+  int(1)
+  [-%d8]=>
+  int(1)
+  ["%d8"]=>
+  int(1)
+}
index ed9a1ec9c337ee675fca70aa28f523f8bdadbf8d..8db545afe48032c7ed2be80fd19eca4ec90a8542 100644 (file)
@@ -249,6 +249,18 @@ char *alloca ();
 #define LONG_MIN (- LONG_MAX - 1)
 #endif
 
+#if SIZEOF_LONG == 4
+#define MAX_LENGTH_OF_LONG 11
+static const char long_min_digits[] = "2147483648";
+#elif SIZEOF_LONG == 8
+#define MAX_LENGTH_OF_LONG 20
+static const char long_min_digits[] = "9223372036854775808";
+#else
+#error "Unknown SIZEOF_LONG"
+#endif
+
+#define MAX_LENGTH_OF_DOUBLE 32
+
 #undef SUCCESS
 #undef FAILURE
 #define SUCCESS 0
index 605e23cce489f2d7fbfdb4ad10fd6988f3fd7142..c4635e154c00674da35a350264e4164e21d9a5ab 100644 (file)
@@ -298,40 +298,41 @@ END_EXTERN_C()
        zend_hash_init(ht, n, NULL, ZVAL_PTR_DTOR, persistent)
 
 
-#define HANDLE_NUMERIC(key, length, func) {                                                                                            \
-       register char *tmp=key;                                                                                                                         \
-                                                                                                                                                                               \
-       if (*tmp=='-') {                                                                                                                                        \
-               tmp++;                                                                                                                                                  \
-       }                                                                                                                                                                       \
-       if ((*tmp>='0' && *tmp<='9')) do { /* possibly a numeric index */                                       \
-               char *end=key+length-1;                                                                                                                 \
-               long idx;                                                                                                                                               \
-                                                                                                                                                                               \
-               if (*tmp++=='0' && length>2) { /* don't accept numbers with leading zeros */    \
-                       break;                                                                                                                                          \
-               }                                                                                                                                                               \
-               while (tmp<end) {                                                                                                                               \
-                       if (!(*tmp>='0' && *tmp<='9')) {                                                                                        \
-                               break;                                                                                                                                  \
-                       }                                                                                                                                                       \
-                       tmp++;                                                                                                                                          \
-               }                                                                                                                                                               \
-               if (tmp==end && *tmp=='\0') { /* a numeric index */                                                             \
-                       if (*key=='-') {                                                                                                                        \
-                               idx = strtol(key, NULL, 10);                                                                                    \
-                               if (idx!=LONG_MIN) {                                                                                                    \
-                                       return func;                                                                                                            \
-                               }                                                                                                                                               \
-                       } else {                                                                                                                                        \
-                               idx = strtol(key, NULL, 10);                                                                                    \
-                               if (idx!=LONG_MAX) {                                                                                                    \
-                                       return func;                                                                                                            \
-                               }                                                                                                                                               \
-                       }                                                                                                                                                       \
-               }                                                                                                                                                               \
-       } while (0);                                                                                                                                            \
-}
+#define HANDLE_NUMERIC(key, length, func) do {                                                         \
+       register const char *tmp = key;                                                                                 \
+                                                                                                                                                       \
+       if (*tmp == '-') {                                                                                                              \
+               tmp++;                                                                                                                          \
+       }                                                                                                                                               \
+       if (*tmp >= '0' && *tmp <= '9') { /* possibly a numeric index */                \
+               const char *end = key + length - 1;                                                                     \
+               long idx;                                                                                                                       \
+                                                                                                                                                       \
+               if ((*end != '\0') /* not a null terminated string */                           \
+                || (*tmp == '0' && length > 2) /* numbers with leading zeros */        \
+                || (end - tmp > MAX_LENGTH_OF_LONG - 1) /* number too long */          \
+                || (SIZEOF_LONG == 4 &&                                                                                        \
+                    end - tmp == MAX_LENGTH_OF_LONG - 1 &&                                                     \
+                    *tmp > '2')) { /* overflow */                                                                      \
+                       break;                                                                                                                  \
+               }                                                                                                                                       \
+               idx = (*tmp - '0');                                                                                                     \
+               while (++tmp != end && *tmp >= '0' && *tmp <= '9') {                            \
+                       idx = (idx * 10) + (*tmp - '0');                                                                \
+               }                                                                                                                                       \
+               if (tmp == end) {                                                                                                       \
+                       if (*key == '-') {                                                                                              \
+                               idx = -idx;                                                                                                     \
+                               if (idx > 0) { /* overflow */                                                           \
+                                       break;                                                                                                  \
+                               }                                                                                                                       \
+                       } else if (idx < 0) { /* overflow */                                                    \
+                               break;                                                                                                          \
+                       }                                                                                                                               \
+                       return func;                                                                                                    \
+               }                                                                                                                                       \
+       }                                                                                                                                               \
+} while (0)
 
 
 static inline int zend_symtable_update(HashTable *ht, char *arKey, uint nKeyLength, void *pData, uint nDataSize, void **pDest)                                 \
@@ -343,7 +344,7 @@ static inline int zend_symtable_update(HashTable *ht, char *arKey, uint nKeyLeng
 
 static inline int zend_symtable_del(HashTable *ht, char *arKey, uint nKeyLength)
 {
-       HANDLE_NUMERIC(arKey, nKeyLength, zend_hash_index_del(ht, idx))
+       HANDLE_NUMERIC(arKey, nKeyLength, zend_hash_index_del(ht, idx));
        return zend_hash_del(ht, arKey, nKeyLength);
 }
 
index 1968cb06d51f96269a8507e26c95a55c21b957e1..1a2cf950c3d788cad50d54805d16badcd8b4ca2c 100644 (file)
 #include "ext/bcmath/libbcmath/src/bcmath.h"
 #endif
 
-#if SIZEOF_LONG == 4
-#define MAX_LENGTH_OF_LONG 11
-static const char long_min_digits[] = "2147483648";
-#elif SIZEOF_LONG == 8
-#define MAX_LENGTH_OF_LONG 20
-static const char long_min_digits[] = "9223372036854775808";
-#else
-#error "Unknown SIZEOF_LONG"
-#endif
-
-#define MAX_LENGTH_OF_DOUBLE 32
-
 BEGIN_EXTERN_C()
 ZEND_API int add_function(zval *result, zval *op1, zval *op2 TSRMLS_DC);
 ZEND_API int sub_function(zval *result, zval *op1, zval *op2 TSRMLS_DC);