ID: 51023 Updated by: [email protected] Reported By: geissert at debian dot org -Status: No Feedback +Status: Open Bug Type: Filter related -PHP Version: 5.3.1 +PHP Version: 5.3SVN-2010-02-12 New Comment:
Further investigation revealed that the bug occurs with gcc 4.4 and optimisation -02. Without optimisation the code still works. Previous Comments: ------------------------------------------------------------------------ [2010-02-20 01:00:02] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2010-02-12 19:03:16] geissert at debian dot org Still present. What's the point of checking the code myself and describing the bug and the fix if you are going to ask me to try the latest svn which contains the same code on the file where the bug occurs? ------------------------------------------------------------------------ [2010-02-12 16:13:42] [email protected] Please try using this snapshot: http://snaps.php.net/php5.3-latest.tar.gz For Windows: http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2010-02-11 23:31:02] geissert at debian dot org Description: ------------ The filter fails to detect an integer overflow and passes the FILTER_VALIDATE_INT test. The problem is caused because php_filter_parse_int uses a long to detect the overflow, which of course doesn't have the same size of an integer. This can be fixed by making ctx_value an integer in both php_filter_parse_int and php_filter_int (and for correctness, not setting Z_TYPE_P(value) to IS_LONG). Reproduce code: --------------- // the current test: $s = sprintf("%d", PHP_INT_MAX); var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT))); $s = sprintf("%.0f", PHP_INT_MAX+1); var_dump(filter_var($s, FILTER_VALIDATE_INT)); $s = sprintf("%d", -PHP_INT_MAX); var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT))); Expected result: ---------------- bool(true) bool(false) bool(true) Actual result: -------------- bool(true) int(-2147483648) bool(true) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=51023&edit=1
