ID: 26584 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Verified +Status: Assigned Bug Type: Scripting Engine problem Operating System: * PHP Version: 5CVS, 4CVS (2005-06-19) -Assigned To: +Assigned To: dmitry New Comment:
The bug is partially fixed in CVS HEAD, PHP_5_0 and PHP_4_4. Integer overflow problem is not solved, but now constant arrays can use null, boolean and double indecies. Previous Comments: ------------------------------------------------------------------------ [2005-06-19 21:22:56] [EMAIL PROTECTED] See also bug #28972 Still fails and leaks. ------------------------------------------------------------------------ [2005-01-25 15:41:04] [EMAIL PROTECTED] Leaks too: php5/Zend/zend_compile.c(3005) : Freeing 0x082268CC (16 bytes) php5/Zend/zend_language_scanner.l(1607) : Freeing 0x08226894 (5 bytes) php_4_3/Zend/zend_compile.c(1872) : Freeing 0x086549D4 (12 bytes) php_4_3/Zend/zend_language_scanner.l(1531) : Freeing 0x0865499C (5 bytes) ------------------------------------------------------------------------ [2003-12-10 10:04:35] [EMAIL PROTECTED] Description: ------------ See attached code. It seems that when assigning arrays in a class definition, it's possible to overflow the array key, without any sort of warning/notice/etc. This only happens in a class def, and not to a "global" namespace array. It's odd that the same code isn't used for both regular array constructs, and object array constructs (Zend Engine). ZE2 may fix this problem. Has not been tested. The logical overflow threshold is between 2147483647 and 2147483648 (where 2147483648 is a 32bit (singed) integer value of -0, if I'm not mistaken -- or 0x80000000). Note: this affects more than just negative keys as seen in code:VAL3. I don't have time to jump into the php source right now (nor am I truly qualified to do so). Please let me know if/when you need additional details. S ([EMAIL PROTECTED]) Reproduce code: --------------- http://sean.caedmon.net/php/class_array_bug.phps (http://sean.caedmon.net/php/class_array_bug.php) Expected result: ---------------- (see code) Actual result: -------------- (see code) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26584&edit=1
