authorGeorge Peter Banyard <girgias@php.net>2021-01-04 15:24:53 +0100
committerGeorge Peter Banyard <girgias@php.net>2021-01-04 18:07:47 +0100
commit764b7bf1088af940f9de7aca13da8de56a63aa3f (patch)
treed66532950a696d6ff0b6809b0c461688571cc9ed
parent9f96b2bdc8f9109c53ac6121fb3adca517afd133 (diff)
Fix bug #80584: 0x and 0X are considered valid hex numbers by filter_var()
Closes GH-6573
-rw-r--r--NEWS4
-rw-r--r--ext/filter/logical_filters.c3
-rw-r--r--ext/filter/tests/bug80584.phpt18
3 files changed, 25 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 57572a1417..e356a0331a 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,10 @@ PHP NEWS
. Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode
stub). (Nikita)
+- Filter:
+ . Fixed bug #80584 (0x and 0X are considered valid hex numbers by
+ filter_var()). (girgias)
+
- MySQLi:
. Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to
interpret bit columns). (Nikita)
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index a9fcc01d01..392156b539 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -233,6 +233,9 @@ void php_filter_int(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
p++; len--;
if (allow_hex && (*p == 'x' || *p == 'X')) {
p++; len--;
+ if (len == 0) {
+ RETURN_VALIDATION_FAILED
+ }
if (php_filter_parse_hex(p, len, &ctx_value) < 0) {
error = 1;
}
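Review bot: The new `len == 0` guard carries no comment explaining why an empty digit run has to be rejected here, and it returns directly while the neighbouring failure path in this hunk records `error = 1`. I would put `/* "0x"/"0X" with no digits is not a number (bug #80584) */` above the check, so a later refactor does not drop it and let a bare prefix pass integer validation again. If the code after this branch treats `error` as a validation failure (not visible here), `if (len == 0) { error = 1; } else if (php_filter_parse_hex(p, len, &ctx_value) < 0) {` would keep a single failure path. Should php_filter_parse_hex() itself accept a zero-length input, which the bug suggests but the hunk does not show, rejecting it inside the helper would also cover any other caller. php_filter_int's body starts and ends outside the hunk.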
diff --git a/ext/filter/tests/bug80584.phpt b/ext/filter/tests/bug80584.phpt
new file mode 100644
index 0000000000..ede6a4bcdc
--- /dev/null
+++ b/ext/filter/tests/bug80584.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #80584: "0x" and "0X" are considered valid hex numbers by filter_var()
+--SKIPIF--
+<?php
+if (!extension_loaded('filter')) die('skip filter extension not available');
+?>
+--FILE--
+<?php
+var_dump(filter_var('0x', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+var_dump(filter_var('0X', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+var_dump(filter_var('', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+var_dump(filter_var('0', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+?>
+--EXPECT--
+bool(false)
+bool(false)
+bool(false)
+int(0)
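Review bot: The test pins the two rejected prefixes, the empty string and `'0'`, but it has no well-formed hex input, so it would not catch the new guard rejecting valid values. I would add `var_dump(filter_var('0x0', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));` expecting `int(0)` and `var_dump(filter_var('0xff', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));` expecting `int(255)`. A signed bare prefix such as `'-0x'` would also be worth pinning as `bool(false)`, assuming sign handling happens before the branch patched in logical_filters.c, which this page does not show.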