From: Matt Wilmas <mattwil@php.net>
Date: Thu, 19 Mar 2009 19:27:14 +0000 (+0000)
Subject: MFH: Handle overflow when decoding large numbers and avoid 2 conversions
X-Git-Tag: php-5.2.10RC1~278
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=85c513c1fcc49ed040223b3f747d85756be48640;p=php

MFH: Handle overflow when decoding large numbers and avoid 2 conversions
---

diff --git a/ext/json/JSON_parser.c b/ext/json/JSON_parser.c
index 6eca7ad7c1..607c490f4a 100644
--- a/ext/json/JSON_parser.c
+++ b/ext/json/JSON_parser.c
@@ -284,15 +284,27 @@ static void json_create_zval(zval **z, smart_str *buf, int type)
 
     if (type == IS_LONG)
     {
-		long l = strtol(buf->c, NULL, 10);
-		if (l > LONG_MAX || l < LONG_MIN) {
-			ZVAL_DOUBLE(*z, zend_strtod(buf->c, NULL));
-		} else {
-			ZVAL_LONG(*z, l);
+		if (buf->c[0] == '-') {
+			buf->len--;
 		}
+
+		if (buf->len >= MAX_LENGTH_OF_LONG - 1) {
+			if (buf->len == MAX_LENGTH_OF_LONG - 1) {
+				int cmp = strcmp(buf->c + (buf->c[0] == '-'), long_min_digits);
+
+				if (!(cmp < 0 || (cmp == 0 && buf->c[0] == '-'))) {
+					goto use_double;
+				}
+			} else {
+				goto use_double;
+			}
+		}
+
+		ZVAL_LONG(*z, strtol(buf->c, NULL, 10));
     }
     else if (type == IS_DOUBLE)
     {
+use_double:
         ZVAL_DOUBLE(*z, zend_strtod(buf->c, NULL));
     }
     else if (type == IS_STRING)