ID: 51023
Updated by: j...@php.net
Reported By: geissert at debian dot org
Status: Open
Bug Type: Filter related
Operating System: *
PHP Version: 5.3SVN-2010-02-12
New Comment:
See also bug #51008
Previous Comments:
------------------------------------------------------------------------
[2010-02-20 20:56:44] geiss...@php.net
Further investigation revealed that the bug occurs with gcc 4.4 and
optimisation -02. Without optimisation the code still works.
------------------------------------------------------------------------
[2010-02-11 23:31:02] geissert at debian dot org
Description:
------------
The filter fails to detect an integer overflow and passes the
FILTER_VALIDATE_INT test. The problem is caused because
php_filter_parse_int uses a long to detect the overflow, which of course
doesn't have the same size of an integer.
This can be fixed by making ctx_value an integer in both
php_filter_parse_int and php_filter_int (and for correctness, not
setting Z_TYPE_P(value) to IS_LONG).
Reproduce code:
---------------
// the current test:
$s = sprintf("%d", PHP_INT_MAX);
var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT)));
$s = sprintf("%.0f", PHP_INT_MAX+1);
var_dump(filter_var($s, FILTER_VALIDATE_INT));
$s = sprintf("%d", -PHP_INT_MAX);
var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT)));
Expected result:
----------------
bool(true)
bool(false)
bool(true)
Actual result:
--------------
bool(true)
int(-2147483648)
bool(true)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=51023&edit=1
