ID: 51023 Updated by: j...@php.net Reported By: geissert at debian dot org Status: Open Bug Type: Filter related Operating System: * PHP Version: 5.3SVN-2010-02-12 New Comment:
See also bug #51008 Previous Comments: ------------------------------------------------------------------------ [2010-02-20 20:56:44] geiss...@php.net Further investigation revealed that the bug occurs with gcc 4.4 and optimisation -02. Without optimisation the code still works. ------------------------------------------------------------------------ [2010-02-11 23:31:02] geissert at debian dot org Description: ------------ The filter fails to detect an integer overflow and passes the FILTER_VALIDATE_INT test. The problem is caused because php_filter_parse_int uses a long to detect the overflow, which of course doesn't have the same size of an integer. This can be fixed by making ctx_value an integer in both php_filter_parse_int and php_filter_int (and for correctness, not setting Z_TYPE_P(value) to IS_LONG). Reproduce code: --------------- // the current test: $s = sprintf("%d", PHP_INT_MAX); var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT))); $s = sprintf("%.0f", PHP_INT_MAX+1); var_dump(filter_var($s, FILTER_VALIDATE_INT)); $s = sprintf("%d", -PHP_INT_MAX); var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT))); Expected result: ---------------- bool(true) bool(false) bool(true) Actual result: -------------- bool(true) int(-2147483648) bool(true) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=51023&edit=1