| author | Dmitry Stogov <dmitry@php.net> | 2009-03-31 10:02:51 +0000 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2009-03-31 10:02:51 +0000 |
| commit | 7dbbd25a141861e849acc2f3457d86ef385adf7d (patch) | |
| tree | 1915bf68defc2aed50eeaedae746ebc6f85e9ac0 /ext | |
| parent | b21948863ca93efbae9b82d598b87e46ba4efb53 (diff) | |
| download | php-git-7dbbd25a141861e849acc2f3457d86ef385adf7d.tar.gz | |
Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer)
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/filter/logical_filters.c | 31 | ||||
| -rw-r--r-- | ext/filter/tests/bug47745.phpt | 11 |
2 files changed, 29 insertions, 13 deletions
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 3f9e25839c..6fdc37b558 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -74,14 +74,12 @@
 static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
 long ctx_value;
- long sign = 1;
+ long sign = 0;
 const char *end = str + str_len;
- double dval;
- long overflow;
 switch (*str) {
 case '-':
- sign = -1;
+ sign = 1;
 case '+':
 str++;
 default:
@@ -95,22 +93,29 @@ static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret
 return -1;
 }
+ if ((end - str > MAX_LENGTH_OF_LONG - 1) /* number too long */
+ || (SIZEOF_LONG == 4 && end - str == MAX_LENGTH_OF_LONG - 1 && *str > '2')) {
+ /* overflow */
+ return -1;
+ }
+
 while (str < end) {
 if (*str >= '0' && *str <= '9') {
- ZEND_SIGNED_MULTIPLY_LONG(ctx_value, 10, ctx_value, dval, overflow);
- if (overflow) {
- return -1;
- }
- ctx_value += ((*(str++)) - '0');
- if (ctx_value & LONG_SIGN_MASK) {
- return -1;
- }
+ ctx_value = (ctx_value * 10) + (*(str++) - '0'); \
 } else {
 return -1;
 }
 }
+ if (sign) {
+ ctx_value = -ctx_value;
+ if (ctx_value > 0) { /* overflow */
+ return -1;
+ }
+ } else if (ctx_value < 0) { /* overflow */
+ return -1;
+ }
- *ret = ctx_value * sign;
+ *ret = ctx_value;
 return 1;
 }
 /* }}} */
diff --git a/ext/filter/tests/bug47745.phpt b/ext/filter/tests/bug47745.phpt
new file mode 100644
index 0000000000..a8656fd933
--- /dev/null
+++ b/ext/filter/tests/bug47745.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer)
+--FILE--
+<?php
+$s = (string)(-PHP_INT_MAX-1);
+var_dump(intval($s));
+var_dump(filter_var($s, FILTER_VALIDATE_INT));
+?>
+--EXPECTF--
+int(-%d)
+int(-%d) |
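Review bot: In the first hunk of ext/filter/logical_filters.c, `sign` changes meaning from a ±1 multiplier to a 0/1 flag but keeps its name and `long` type, so `sign = 1;` under `case '-':` now reads as if it meant "positive". A comment on the declaration such as `long sign = 0; /* 1 if the input starts with '-' */` would help. The deliberate fall-through from `case '-':` into `case '+':` also deserves a `/* fall through */` marker. The function body continues past the end of this hunk.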
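Review bot: The overflow checks added after the loop in the second hunk of ext/filter/logical_filters.c only work if signed overflow wraps, which C leaves undefined: `ctx_value = (ctx_value * 10) + (*(str++) - '0')` is expected to go negative for out-of-range input, and accepting the minimum integer depends on `-ctx_value` overflowing back to itself. The length pre-check limits the digit count but, judging by its own `*str > '2'` special case, values above the maximum can still reach the loop, so a compiler that assumes no overflow may drop the `ctx_value < 0` test and let an out-of-range string through a validator that is normally fed untrusted input. I would test the bound before each multiply and accumulate negative numbers downward, as sketched below. ctx_value is initialised between the two hunks, outside what is shown, so the initial negation assumes it holds one non-negative digit at that point. The new loop line also ends in a stray ` \` that should be dropped.

```c
	/* … unchanged: length pre-check … */
	if (sign) {
		/* assumes ctx_value holds only the first digit here (set outside the hunk) */
		ctx_value = -ctx_value;
	}
	while (str < end) {
		if (*str >= '0' && *str <= '9') {
			long digit = *(str++) - '0';

			/* test the bound before multiplying, so the arithmetic never overflows */
			if (sign ? ctx_value < (LONG_MIN + digit) / 10
			         : ctx_value > (LONG_MAX - digit) / 10) {
				return -1;
			}
			ctx_value = ctx_value * 10 + (sign ? -digit : digit);
		} else {
			return -1;
		}
	}
	/* the post-loop sign/overflow block is no longer needed */
	*ret = ctx_value;
```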
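Review bot: The new test in ext/filter/tests/bug47745.phpt only exercises the accepted boundary, and `int(-%d)` matches any negative integer, so it would not notice a wrong value or a regression in the rejection path that this commit rewrites in logical_filters.c. I would add cases for the decimal strings one past PHP_INT_MAX and one below the minimum, with `bool(false)` expected, plus `(string)PHP_INT_MAX` itself as the accepted upper boundary. Those out-of-range strings need to be built as strings rather than by arithmetic, since integer arithmetic past the limits turns into float in PHP.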
