ID: 51023 Comment by: geissert at debian dot org Reported By: geissert at debian dot org Status: Feedback Bug Type: Filter related PHP Version: 5.3.1 New Comment:
Still present. What's the point of checking the code myself and describing the bug and the fix if you are going to ask me to try the latest svn which contains the same code on the file where the bug occurs? Previous Comments: ------------------------------------------------------------------------ [2010-02-12 16:13:42] [email protected] Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2010-02-11 23:31:02] geissert at debian dot org Description: ------------ The filter fails to detect an integer overflow and passes the FILTER_VALIDATE_INT test. The problem is caused because php_filter_parse_int uses a long to detect the overflow, which of course doesn't have the same size of an integer. This can be fixed by making ctx_value an integer in both php_filter_parse_int and php_filter_int (and for correctness, not setting Z_TYPE_P(value) to IS_LONG). Reproduce code: --------------- // the current test: $s = sprintf("%d", PHP_INT_MAX); var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT))); $s = sprintf("%.0f", PHP_INT_MAX+1); var_dump(filter_var($s, FILTER_VALIDATE_INT)); $s = sprintf("%d", -PHP_INT_MAX); var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT))); Expected result: ---------------- bool(true) bool(false) bool(true) Actual result: -------------- bool(true) int(-2147483648) bool(true) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=51023&edit=1
