From: tomas_matousek at hotmail dot com Operating system: WinXP PHP version: 5.0.0RC3 PHP Bug Type: Scripting Engine problem Bug description: [] operator overflow treatment is incorrect
Description: ------------ If there is an item in an array having key = 2^31-1 and you use [] operator without specifying a key it overflows and adds a new item with min. int (-2^31) in the array. This is IMHO not correct or at least not consistent with the manual where the following sentence is stated: "If you do not specify a key for a given value, then the maximum of the integer indices is taken, and the new key will be that maximum value + 1." Moreover, consider the folowing array: $a = array(2^31-2 => 1,-2^31 => 1) and use $a[] twice. You get warning: "Cannot add element to the array as the next element is already occupied". But if the array is $a = array(2^31-1 => 1,-2^31 => 1) a new item is added with a key -2^31+1 with no warning. However, if you use array_push instead [] it does never report a warning but does the same as []. IMHO it will be more correct if both [] and array_push do not add a new key and report a warning or notice if the maximal integer key reaches maximum value 2^31-1. Reproduce code: --------------- $a = array(2147483647 => 1, -2147483648 => 1); $a[] = 2; $a[] = 3; var_dump($a); $a = array(2147483646 => 1, -2147483648 => 1); $a[] = 2; $a[] = 3; var_dump($a); Expected result: ---------------- Warning: Cannot add element to array - integer key reached maximal possible value ... Warning: Cannot add element to array - integer key reached maximal possible value ... array(4) { [2147483647]=> int(1) [-2147483648]=> int(1) } Warning: Cannot add element to array - integer key reached maximal possible value ... array(3) { [2147483646]=> int(1) [-2147483648]=> int(1) [2147483647]=> int(2) } Actual result: -------------- array(4) { [2147483647]=> int(1) [-2147483648]=> int(1) [-2147483647]=> int(2) [-2147483646]=> int(3) } Warning: Cannot add element to the array as the next element is already occupied in ... array(3) { [2147483646]=> int(1) [-2147483648]=> int(1) [2147483647]=> int(2) } -- Edit bug report at http://bugs.php.net/?id=28972&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28972&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28972&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=28972&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=28972&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=28972&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=28972&r=needscript Try newer version: http://bugs.php.net/fix.php?id=28972&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=28972&r=support Expected behavior: http://bugs.php.net/fix.php?id=28972&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=28972&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=28972&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=28972&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28972&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=28972&r=dst IIS Stability: http://bugs.php.net/fix.php?id=28972&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=28972&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=28972&r=float