What happens if you exceed uint32? Just curious, security-wise, because AFAIR exceeding uint32 would be possible through superglobals only, which a potential attacker could abuse.
param=foo param[a]=foo¶m[b]=foo¶m[c]=foo¶m[…]=foo (reaching uin32+1) On 22 Oct 2014, at 21:15, Nikita Popov <nikita....@gmail.com> wrote: > On Wed, Oct 22, 2014 at 9:13 PM, Anatol Belski <a...@php.net> wrote: > >> Hi Nikita, >> >> On Wed, October 22, 2014 19:44, Nikita Popov wrote: >>> On Wed, Oct 22, 2014 at 5:56 PM, Anatol Belski <a...@php.net> wrote: >>> >>> >>>> Commit: a5e4f1f598f3a53e5793d290619806b41f1f1380 >>>> Author: Anatol Belski <a...@php.net> Wed, 22 Oct 2014 17:27:33 >>>> +0200 >>>> Parents: cccd538512c3d345a73eeb5f1cc29643a1bb2715 >>>> Branches: master >>>> >>>> >>>> Link: >>>> >> http://git.php.net/?p=php-src.git;a=commitdiff;h=a5e4f1f598f3a53e5793d29 >>>> 0619806b41f1f1380 >>>> >>>> >>>> Log: >>>> fix several datatype mismatches >>>> >>>> Changed paths: >>>> M Zend/zend_API.h >>>> M ext/standard/basic_functions.c >>>> M ext/standard/basic_functions.h >>>> >>>> >>> >>> Rather than adding casts, shouldn't the add_* functions be changed to >>> accept size_t lengths? >>> >>> Nikita >>> >>> >> I just remember we was talking that variable names and array keys aren't >> expected to be that long, so stayed by that approach. Actually some casts >> would be needed if it's done the other way round, for instance if such a >> thing would need to be saved into some struct or so. >> >> But actually it can be done either way. From the perf perspective both >> ways are not an issue, anyway. Do you think we should do that? >> >> Regards >> >> Anatol >> > > Array keys use normal zend_strings, which use size_t lengths. Only the > number of array elements is limited to uint32. > > Nikita