From: Matt Wilmas <mattwil@php.net>
Date: Sun, 7 Jun 2009 19:28:33 +0000 (+0000)
Subject: MFH: Fixed bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX... 
X-Git-Tag: php-5.2.10RC2~26
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dd4b27e943cccfab8a8356130cf2fcfafb82de99;p=php

MFH: Fixed bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX index value)
Also simplified related array_push() test
---

diff --git a/NEWS b/NEWS
index d18c03d9f3..04dcb4f861 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@
 - Fixed bug #48273 (snmp*_real_walk() returns SNMP errors as values).
   (Ilia, lytboris at gmail dot com)
 - Fixed bug #48247 (Crash on errors during startup). (Stas)
+- Fixed bug #47836 (array operator [] inconsistency when the array has
+  PHP_INT_MAX index value). (Matt)
 - Fixed bug #46386 (Digest authentication with SOAP module fails against MSSQL 
   SOAP services). (Ilia, lordelph at gmail dot com)
 - Fixed bug #42143 (The constant NAN is reported as 0 on Windows)
diff --git a/Zend/tests/bug47836.phpt b/Zend/tests/bug47836.phpt
new file mode 100644
index 0000000000..5a93a44c71
--- /dev/null
+++ b/Zend/tests/bug47836.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX index value)
+--FILE--
+<?php
+
+$arr[PHP_INT_MAX] = 1;
+$arr[] = 2;
+
+var_dump($arr);
+?>
+--EXPECTF--
+Warning: Cannot add element to the array as the next element is already occupied in %s on line 4
+array(1) {
+  [%d]=>
+  int(1)
+}
diff --git a/Zend/zend_hash.c b/Zend/zend_hash.c
index 252643f8e7..33be3a37a9 100644
--- a/Zend/zend_hash.c
+++ b/Zend/zend_hash.c
@@ -376,7 +376,7 @@ ZEND_API int _zend_hash_index_update_or_next_insert(HashTable *ht, ulong h, void
 			UPDATE_DATA(ht, p, pData, nDataSize);
 			HANDLE_UNBLOCK_INTERRUPTIONS();
 			if ((long)h >= (long)ht->nNextFreeElement) {
-				ht->nNextFreeElement = h + 1;
+				ht->nNextFreeElement = h < LONG_MAX ? h + 1 : LONG_MAX;
 			}
 			if (pDest) {
 				*pDest = p->pData;
@@ -404,7 +404,7 @@ ZEND_API int _zend_hash_index_update_or_next_insert(HashTable *ht, ulong h, void
 	HANDLE_UNBLOCK_INTERRUPTIONS();
 
 	if ((long)h >= (long)ht->nNextFreeElement) {
-		ht->nNextFreeElement = h + 1;
+		ht->nNextFreeElement = h < LONG_MAX ? h + 1 : LONG_MAX;
 	}
 	ht->nNumOfElements++;
 	ZEND_HASH_IF_FULL_DO_RESIZE(ht);
diff --git a/ext/standard/tests/array/array_push_error2.phpt b/ext/standard/tests/array/array_push_error2.phpt
index 86f8df78b0..e0c8bd3f33 100644
--- a/ext/standard/tests/array/array_push_error2.phpt
+++ b/ext/standard/tests/array/array_push_error2.phpt
@@ -1,9 +1,5 @@
 --TEST--
-Test array_push() function : error conditions - min and max int values as keys
---SKIPIF--
-<?php
-if (PHP_INT_SIZE != 4) die("skip this test is for 32bit platform only");
-?>
+Test array_push() function : error conditions - max int value as key
 --FILE--
 <?php
 /* Prototype  : int array_push(array $stack, mixed $var [, mixed $...])
@@ -12,42 +8,27 @@ if (PHP_INT_SIZE != 4) die("skip this test is for 32bit platform only");
  */
 
 /*
- * Use PHP's minimum and maximum integer values as array keys
+ * Use PHP's maximum integer value as array key
  * then try and push new elements onto the array
  */
 
 echo "*** Testing array_push() : error conditions ***\n";
 
-$array = array(-PHP_INT_MAX => 'min', PHP_INT_MAX => 'max');
+$array = array(PHP_INT_MAX => 'max');
 
 var_dump(array_push($array, 'new'));
 var_dump($array);
-var_dump(array_push($array, 'var'));
-var_dump($array);
 
 echo "Done";
 ?>
 
 --EXPECTF--
 *** Testing array_push() : error conditions ***
-int(3)
-array(3) {
-  [-2147483647]=>
-  string(3) "min"
-  [2147483647]=>
-  string(3) "max"
-  [-2147483648]=>
-  string(3) "new"
-}
 
 Warning: array_push(): Cannot add element to the array as the next element is already occupied in %s on line %d
 bool(false)
-array(3) {
-  [-2147483647]=>
-  string(3) "min"
-  [2147483647]=>
+array(1) {
+  [%d]=>
   string(3) "max"
-  [-2147483648]=>
-  string(3) "new"
 }
 Done