author | Stanislav Malyshev <stas@php.net> | 2018-06-04 22:44:05 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2018-06-04 22:44:05 -0700 |
commit | 73bf238507e41cc87107055e39a57e1ebb5619df (patch) | |
tree | 9e9e809542cd720834cc15776b6a4790e8ec8fa6 /ext/standard | |
parent | 5bf8032112016c2f60149d05d20c8756a6e2664a (diff) | |
Fix bug #76390 - do not allow invalid strings in range()
Diffstat (limited to 'ext/standard')
-rw-r--r-- | ext/standard/array.c | 18 | ||||
-rw-r--r-- | ext/standard/tests/array/range_errors.phpt | 14 |
2 files changed, 26 insertions, 6 deletions
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 5905ae4929..183cf123c3 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -2099,10 +2099,18 @@ PHP_FUNCTION(range)
 }
 if (zstep) {
- if (Z_TYPE_P(zstep) == IS_DOUBLE ||
- (Z_TYPE_P(zstep) == IS_STRING && is_numeric_string(Z_STRVAL_P(zstep), Z_STRLEN_P(zstep), NULL, NULL, 0) == IS_DOUBLE)
- ) {
+ if (Z_TYPE_P(zstep) == IS_DOUBLE) {
 is_step_double = 1;
+ } else if (Z_TYPE_P(zstep) == IS_STRING) {
+ int type = is_numeric_string(Z_STRVAL_P(zstep), Z_STRLEN_P(zstep), NULL, NULL, 0);
+ if (type == IS_DOUBLE) {
+ is_step_double = 1;
+ }
+ if (type == 0) {
+ /* bad number */
+ php_error_docref(NULL, E_WARNING, "Invalid range string - must be numeric");
+ RETURN_FALSE;
+ }
 }
 step = zval_get_double(zstep);
@@ -2242,6 +2250,10 @@ long_str:
 }
 lstep = step;
+ if (step <= 0) {
+ err = 1;
+ goto err;
+ }
 Z_TYPE_INFO(tmp) = IS_LONG;
 if (low > high) { /* Negative steps */
diff --git a/ext/standard/tests/array/range_errors.phpt b/ext/standard/tests/array/range_errors.phpt
index 9652e28340..45c30f5acf 100644
--- a/ext/standard/tests/array/range_errors.phpt
+++ b/ext/standard/tests/array/range_errors.phpt
@@ -27,6 +27,8 @@ var_dump( range(1) ); // No.of args < expected
 var_dump( range(1,2,3,4) ); // No.of args > expected
 var_dump( range(-1, -2, 2) );
 var_dump( range("a", "j", "z") );
+var_dump( range(0, 1, "140962482048819216326.24") );
+var_dump( range(0, 1, "140962482048819216326.24.") );
 echo "\n-- Testing Invalid steps --";
 $step_arr = array( "string", NULL, FALSE, "", "\0" );
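Review bot: The `/* bad number */` comment on the `type == 0` branch does not say why the string must be rejected before `step = zval_get_double(zstep);` runs, which is the reason the branch exists. A comment such as `/* not a well-formed number: zval_get_double() below would presumably still convert a numeric prefix, so reject the step here */` would keep a later cleanup from dropping the branch as redundant. The two independent tests on `type` would read more clearly as `if (type == IS_DOUBLE) { ... } else if (type == 0) { ... }`. The validation covers only an `IS_STRING` step; other non-numeric zval types still reach `zval_get_double()`, which may be intended but is not stated. PHP_FUNCTION(range) starts and ends outside the hunk.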
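Review bot: The added `step <= 0` guard in the `long_str:` hunk runs after `lstep = step;`, so the conversion has already happened when the value is rejected, and only the lower bound is checked. If `step` is a double and `lstep` an unsigned integer (both are declared outside the hunk), a NaN or a value too large for `lstep` passes `step <= 0`, and converting such a value to an integer type is undefined behaviour in C. Moving the test above the assignment and writing it as `if (!(step > 0)) { err = 1; goto err; }` also rejects NaN; a comparison against the maximum of `lstep`'s type would close the upper side. Whether any path can still reach `long_str:` with such a value after the string check added earlier in this commit cannot be confirmed from the hunk.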
@@ -78,11 +80,17 @@ bool(false)
 Warning: range(): step exceeds the specified range in %s on line %d
 bool(false)
+Warning: range(): Invalid range string - must be numeric in %s on line %d
+bool(false)
+
 Warning: range(): step exceeds the specified range in %s on line %d
 bool(false)
+Warning: range(): Invalid range string - must be numeric in %s on line %d
+bool(false)
+
 -- Testing Invalid steps --
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
 bool(false)
 Warning: range(): step exceeds the specified range in %s on line %d
@@ -91,9 +99,9 @@ bool(false)
 Warning: range(): step exceeds the specified range in %s on line %d
 bool(false)
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
 bool(false)
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
 bool(false)
 Done |