From: Nuno Lopes <nlopess@php.net>
Date: Fri, 11 May 2012 16:50:29 +0000 (-0400)
Subject: fix stack overflow in php_intlog10abs()
X-Git-Tag: php-5.4.4RC1~19
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8b4b70df56e14be0f7172b5cc5f8da44b3272ac3;p=php

fix stack overflow in php_intlog10abs()

bug uncovered by LLVM/clang's new -fbounds-checking switch
this patch fixes a crash in ext/standard/tests/math/round_large_exp.phpt
---

diff --git a/ext/standard/math.c b/ext/standard/math.c
index 302fbdae48..65187f6fa1 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -37,7 +37,7 @@ static inline int php_intlog10abs(double value) {
 	int result;
 	value = fabs(value);
 
-	if (value < 1e-8 || value > 1e23) {
+	if (value < 1e-8 || value > 1e22) {
 		result = (int)floor(log10(value));
 	} else {
 		static const double values[] = {
@@ -46,7 +46,7 @@ static inline int php_intlog10abs(double value) {
 			1e8,  1e9,  1e10, 1e11, 1e12, 1e13, 1e14, 1e15,
 			1e16, 1e17, 1e18, 1e19, 1e20, 1e21, 1e22};
 		/* Do a binary search with 5 steps */
-		result = 16;
+		result = 15;
 		if (value < values[result]) {
 			result -= 8;
 		} else {