ID: 41121 Updated by: [EMAIL PROTECTED] Reported By: mahesh dot vemula at in dot ibm dot com -Status: Bogus +Status: Open Bug Type: Compile Failure Operating System: RHEL 4 PHP Version: 5CVS-2007-04-17 (snap) New Comment:
HI Ilia, Again as with 41118 I reviewed this one prior to Mahesh raising the defect and having reviewed your comments above I still believe this defect reports a valid issue in the PHP code. As the value for low and high could be variables your suggestion that the request should be re-coded as range(2147483646.0, 2147483647.0) implies all user scripts would need to include range checks on calculated high and low values in order that the correct range() request could be issued to avoid the bad behaviour reported by this defect, i.e script loops until storage is exhausted. This seems unnecessary and unacceptable to me. After reading the description of range() in the php manual I would expect range(2147483646, 2147483647) to create an array of int's with 2 entries as follows: array(2) { [0]=> int(2147483646) [1]=> int(2147483647) } I certainly would not expect an array with 2G entries. If the users input causes overflow then that should be detected and reported. However, both the low and high values specified in the range() request above are within the range which can be expressed as a 32 bit signed integer; 2147483647 is the MAX_INTEGER value. Further if I code something like range(2147483400, 2147483600, 100) where both high and low are clearly within range of valid int's I get the same bad behaviour, i.e the PHP code loops creating a huge array because the logic in array.c does not detect overflow. Please find here: http://www.pastebin.ca/447902 a patch to array.c based on latest PHP 52 branch from CVS which fixes the code to produce the output I would expect as per the description in the PHP manual. The following testcase runs clean with the fix; without the fix a number of use cases cause bad/unexpected behaviour. <?php // posotive steps var_dump(range(2147483400, 2147483600, 100)); var_dump( range(2147483646, 2147483648, 1 ) ); // OK var_dump( range(2147483646, 2147483657, 1 ) ); // Loops without fix var_dump( range(2147483630, 2147483646, 5 ) ); // Loops without fix // negative steps var_dump( range(-2147483645, -2147483648, 1 ) ); // OK var_dump( range(-2147483645, -2147483649, 1 ) ); // OK var_dump( range(-2147483630, -2147483646, 5 ) ); // Loops without fix // low > high var_dump(range(2147483647, 2147483645, 1 )); // Loops without fix var_dump(range(2147483648, 2147483645, 1 )); //OK ?> I am therefore re-opening the defect so that my propsed fix can be considered for inclusion. Regards, Andy Andy Wharmby IBM United Kingdom Limited E-mail: [EMAIL PROTECTED] Previous Comments: ------------------------------------------------------------------------ [2007-04-17 14:18:41] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php The 2147483647 overflows resulting in a negative value directing PHP to create an array of an enourmous number of elements. To achieve the desired result you need to pass the parameters are doubles Ex. var_dump( range(2147483646.0, 2147483647.0) ); ------------------------------------------------------------------------ [2007-04-17 14:14:06] mahesh dot vemula at in dot ibm dot com Description: ------------ range() function throws a fatal error message when low = 2147483646, high = 2147483647 & step is default (i.e 1). These values gives range of 1 step and the values are valid integers. Environment: Operating System: RHEL 4 Linux Kernel : Linux 2.6.9 PHP Version: PHP 5.2 (Built on Apr 17, 2007 from snaps.php.net) PHP Configure Setup: ./configure I will be attaching a patch for this as soon as possible. Reproduce code: --------------- <?php var_dump( range(2147483646, 2147483647) ); ?> Expected result: ---------------- array(2) { [0]=> int(2147483646) [1]=> int(2147483647) } Actual result: -------------- Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 34 bytes) in %s on line %d ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41121&edit=1