Edit report at https://bugs.php.net/bug.php?id=51105&edit=1
ID: 51105
Comment by: firexware at gmail dot com
Reported by: r3d dot w0rm at yahoo dot com
Summary: PHP str_repeat() Function Integer Overflow
Status: Bogus
Type: Bug
Package: Strings related
Operating System: All
PHP Version: 5.3.2RC2
Block user comment: N
Private report: N
New Comment:
The problem was not reproducible because you were using 64-bit php which uses
64-bit signed integers.
Try this:
<?php
$str1 = str_repeat('0x0x0x0x', 18446744073709551615);
echo "all good so far...\n";
$str2 = str_repeat('0x0x0x0x', 2305843009213693952);
?>
18446744073709551615 is 2^64 - 1, which is -1 in two's complement.
2305843009213693952 is 2^61
Output:
all good so far...
PHP Fatal error: Possible integer overflow in memory allocation (8 *
2305843009213693952 + 1) in /tmp/test.php on line 4
Expected output:
PHP Fatal error: Possible integer overflow in memory allocation (8 *
18446744073709551615 + 1) in /tmp/test.php on line 2
all good so far...
PHP Fatal error: Possible integer overflow in memory allocation (8 *
2305843009213693952 + 1) in /tmp/test.php on line 4
Previous Comments:
------------------------------------------------------------------------
[2010-10-16 00:31:43] [email protected]
I cannot reproduce this. (probably already fixed)
------------------------------------------------------------------------
[2010-07-16 01:41:46] php at crummett dot us
PHP says you do not have enough memory to do this. The string generated would
be 8GiB in size.
Also, this can be simplified as:
Reproduce code:
---------------
<?php
str_repeat('0x0x0x0x',999999999);
Actual result:
---------------
Fatal error: Possible integer overflow in memory allocation (8 * 999999999 + 1)
in crash.php on line 2
------------------------------------------------------------------------
[2010-03-01 01:00:01] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2010-02-21 17:26:53] [email protected]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32
Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
------------------------------------------------------------------------
[2010-02-21 16:33:01] r3d dot w0rm at yahoo dot com
Os : win Xp Sp 2 , Fedora 11
Cpu : 2.2
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=51105
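Added example (not part of the bug report and not PHP's own source): a guarded "a * b + c" size computation of the kind the fatal error message above reports, evaluated at 32-bit and 64-bit widths with the counts quoted in this thread. The function names are hypothetical.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example; function names are hypothetical, not PHP internals. */

/* len * count + extra in a 32-bit size type; false if it would wrap. */
static bool alloc_size_u32(uint32_t len, uint32_t count, uint32_t extra,
                           uint32_t *out)
{
    if (count != 0 && len > (UINT32_MAX - extra) / count)
        return false;
    *out = len * count + extra;
    return true;
}

/* Same check for a 64-bit size type. */
static bool alloc_size_u64(uint64_t len, uint64_t count, uint64_t extra,
                           uint64_t *out)
{
    if (count != 0 && len > (UINT64_MAX - extra) / count)
        return false;
    *out = len * count + extra;
    return true;
}

/* A signed repeat count is range-checked before it is used as a size:
 * (uint64_t)-1 is 2^64 - 1, so a negative count must never reach the
 * multiplication. */
static bool repeat_size_u64(uint64_t len, int64_t count, uint64_t *out)
{
    if (count < 0)
        return false;
    return alloc_size_u64(len, (uint64_t)count, 1, out);
}

int main(void)
{
    uint32_t r32 = 0;
    uint64_t r64 = 0;
    /* Values quoted in the thread: 8-byte input, counts 999999999 and 2^61. */
    printf("32-bit 8*999999999+1: %s\n",
           alloc_size_u32(8, 999999999u, 1, &r32) ? "fits" : "overflow");
    if (alloc_size_u64(8, 999999999u, 1, &r64))
        printf("64-bit 8*999999999+1: %" PRIu64 "\n", r64);
    printf("64-bit 8*2^61+1: %s\n",
           alloc_size_u64(8, UINT64_C(2305843009213693952), 1, &r64)
               ? "fits" : "overflow");
    printf("count -1: %s\n",
           repeat_size_u64(8, -1, &r64) ? "accepted" : "rejected");
    return 0;
}
```

The check divides instead of multiplying, so the test itself cannot wrap; the same 8-byte input with count 999999999 is rejected at 32 bits and accepted at 64 bits.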