diff options
| author | Stanislav Malyshev <stas@php.net> | 2012-05-10 23:58:10 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2012-05-13 14:40:44 -0700 |
| commit | 9344bf193c6e35c8706923953f3e63bb01cc05ed (patch) | |
| tree | 8aa98b676f52af23e1f478ae8f606a5887348ec3 | |
| parent | 58482206f5e101ea8a1768375439021891c84bdf (diff) | |
| download | php-git-9344bf193c6e35c8706923953f3e63bb01cc05ed.tar.gz | |
fix bug #54547
| -rw-r--r-- | Zend/tests/bug54547.phpt | 21 | ||||
| -rw-r--r-- | Zend/zend_operators.c | 19 | ||||
| -rw-r--r-- | Zend/zend_operators.h | 24 |
3 files changed, 60 insertions, 4 deletions
diff --git a/Zend/tests/bug54547.phpt b/Zend/tests/bug54547.phpt new file mode 100644 index 0000000000..452cbb8a53 --- /dev/null +++ b/Zend/tests/bug54547.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #54547: wrong equality of string numbers near LONG_MAX with 64-bit longs +--SKIPIF-- +<?php +if (PHP_INT_MAX !== 9223372036854775807) + die("skip for 64-bit long systems only"); +--FILE-- +<?php +var_dump("9223372036854775807" == "9223372036854775808"); +var_dump("-9223372036854775808" == "-9223372036854775809"); +var_dump("0x7fffffffffffffff" == "9223372036854775808"); + +/* not exactly what the bug is about, but closely related problem: */ +var_dump("999223372036854775807"=="999223372036854775808"); +var_dump("899223372036854775807">"00999223372036854775807"); +--EXPECT-- +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index a849cccf13..8d4baa6ac8 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -2035,15 +2035,30 @@ ZEND_API int zend_binary_zval_strncasecmp(zval *s1, zval *s2, zval *s3) /* {{{ * ZEND_API void zendi_smart_strcmp(zval *result, zval *s1, zval *s2) /* {{{ */ { int ret1, ret2; + int oflow1, oflow2; long lval1, lval2; double dval1, dval2; - if ((ret1=is_numeric_string(Z_STRVAL_P(s1), Z_STRLEN_P(s1), &lval1, &dval1, 0)) && - (ret2=is_numeric_string(Z_STRVAL_P(s2), Z_STRLEN_P(s2), &lval2, &dval2, 0))) { + if ((ret1=is_numeric_string_ex(Z_STRVAL_P(s1), Z_STRLEN_P(s1), &lval1, &dval1, 0, &oflow1)) && + (ret2=is_numeric_string_ex(Z_STRVAL_P(s2), Z_STRLEN_P(s2), &lval2, &dval2, 0, &oflow2))) { + if (oflow1 != 0 && oflow1 == oflow2 && dval1 - dval2 == 0.) { + /* both values are integers overflown to the same side, and the + * double comparison may have resulted in crucial accuracy lost */ + goto string_cmp; + } if ((ret1==IS_DOUBLE) || (ret2==IS_DOUBLE)) { if (ret1!=IS_DOUBLE) { + if (oflow2) { + /* 2nd operand is integer > LONG_MAX (oflow2==1) or < LONG_MIN (-1) */ + ZVAL_LONG(result, -1 * oflow2); + return; + } dval1 = (double) lval1; } else if (ret2!=IS_DOUBLE) { + if (oflow1) { + ZVAL_LONG(result, oflow1); + return; + } dval2 = (double) lval2; } else if (dval1 == dval2 && !zend_finite(dval1)) { /* Both values overflowed and have the same sign, diff --git a/Zend/zend_operators.h b/Zend/zend_operators.h index ebf959b25a..d28140e9e5 100644 --- a/Zend/zend_operators.h +++ b/Zend/zend_operators.h @@ -100,9 +100,12 @@ static zend_always_inline long zend_dval_to_lval(double d) * if the number was out of long range or contained a decimal point/exponent. * The number's value is returned into the respective pointer, *lval or *dval, * if that pointer is not NULL. + * + * This variant also gives information if a string that represents an integer + * could not be represented as such due to overflow. It writes 1 to oflow_info + * if the integer is larger than LONG_MAX and -1 if it's smaller than LONG_MIN. */ - -static inline zend_uchar is_numeric_string(const char *str, int length, long *lval, double *dval, int allow_errors) +static inline zend_uchar is_numeric_string_ex(const char *str, int length, long *lval, double *dval, int allow_errors, int *oflow_info) { const char *ptr; int base = 10, digits = 0, dp_or_e = 0; @@ -113,6 +116,10 @@ static inline zend_uchar is_numeric_string(const char *str, int length, long *lv return 0; } + if (oflow_info != NULL) { + *oflow_info = 0; + } + /* Skip any whitespace * This is much faster than the isspace() function */ while (*str == ' ' || *str == '\t' || *str == '\n' || *str == '\r' || *str == '\v' || *str == '\f') { @@ -165,6 +172,9 @@ check_digits: if (base == 10) { if (digits >= MAX_LENGTH_OF_LONG) { + if (oflow_info != NULL) { + *oflow_info = *str == '-' ? -1 : 1; + } dp_or_e = -1; goto process_double; } @@ -172,6 +182,9 @@ check_digits: if (dval) { local_dval = zend_hex_strtod(str, &ptr); } + if (oflow_info != NULL) { + *oflow_info = 1; + } type = IS_DOUBLE; } } else if (*ptr == '.' && ZEND_IS_DIGIT(ptr[1])) { @@ -207,6 +220,9 @@ process_double: if (dval) { *dval = zend_strtod(str, NULL); } + if (oflow_info != NULL) { + *oflow_info = *str == '-' ? -1 : 1; + } return IS_DOUBLE; } @@ -226,6 +242,10 @@ process_double: } } +static inline zend_uchar is_numeric_string(const char *str, int length, long *lval, double *dval, int allow_errors) { + return is_numeric_string_ex(str, length, lval, dval, allow_errors, NULL); +} + static inline char * zend_memnstr(char *haystack, char *needle, int needle_len, char *end) { |