tony2001 Tue Mar 1 08:13:08 2005 EDT
Modified files: (Branch: PHP_5_0)
/php-src NEWS
/php-src/ext/gmp gmp.c
Log:
MFH: checks for negative values to gmp_sqrt(), gmp_powm(), gmp_sqrtrem()
and gmp_fact() to prevent SIGFPE
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.266&r2=1.1760.2.267&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.266 php-src/NEWS:1.1760.2.267
--- php-src/NEWS:1.1760.2.266 Tue Mar 1 05:11:07 2005
+++ php-src/NEWS Tue Mar 1 08:13:06 2005
@@ -3,6 +3,8 @@
?? ??? 2005, PHP 5.0.4
- Added Oracle Instant Client support. (cjbj at hotmail dot com, Tony)
- Added length and charsetnr for field array and object in mysqli. (Georg)
+- Added checks for negative values to gmp_sqrt(), gmp_powm(), gmp_sqrtrem()
+ and gmp_fact() to prevent SIGFPE. (Tony)
- Changed foreach() to throw an exception if IteratorAggregate::getIterator()
does not return an Iterator. (Marcus)
- Changed phpize not to require libtool. (Jani)
http://cvs.php.net/diff.php/php-src/ext/gmp/gmp.c?r1=1.46&r2=1.46.2.1&ty=u
Index: php-src/ext/gmp/gmp.c
diff -u php-src/ext/gmp/gmp.c:1.46 php-src/ext/gmp/gmp.c:1.46.2.1
--- php-src/ext/gmp/gmp.c:1.46 Wed Jun 9 10:39:33 2004
+++ php-src/ext/gmp/gmp.c Tue Mar 1 08:13:07 2005
@@ -781,7 +781,28 @@
Calculates factorial function */
ZEND_FUNCTION(gmp_fact)
{
- gmp_unary_ui_op(mpz_fac_ui);
+ zval **a_arg;
+ mpz_t *gmpnum_tmp;
+
+ if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &a_arg) ==
FAILURE){
+ WRONG_PARAM_COUNT;
+ }
+
+ if (Z_TYPE_PP(a_arg) == IS_RESOURCE) {
+ FETCH_GMP_ZVAL(gmpnum_tmp, a_arg);
+ if (mpz_sgn(*gmpnum_tmp) < 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,"Number has
to be greater than or equal to 0");
+ RETURN_FALSE;
+ }
+ } else {
+ convert_to_long_ex(a_arg);
+ if (Z_LVAL_PP(a_arg) < 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,"Number has
to be greater than or equal to 0");
+ RETURN_FALSE;
+ }
+ }
+
+ gmp_zval_unary_ui_op(return_value, a_arg, mpz_fac_ui);
}
/* }}} */
@@ -839,6 +860,10 @@
use_ui = 1;
} else {
FETCH_GMP_ZVAL(gmpnum_exp, exp_arg);
+ if (mpz_sgn(*gmpnum_exp) < 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,"Second
parameter cannot be less than 0");
+ RETURN_FALSE;
+ }
}
FETCH_GMP_ZVAL(gmpnum_mod, mod_arg);
@@ -862,7 +887,24 @@
Takes integer part of square root of a */
ZEND_FUNCTION(gmp_sqrt)
{
- gmp_unary_op(mpz_sqrt);
+ zval **a_arg;
+ mpz_t *gmpnum_a, *gmpnum_result;
+
+ if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &a_arg) ==
FAILURE){
+ WRONG_PARAM_COUNT;
+ }
+
+ FETCH_GMP_ZVAL(gmpnum_a, a_arg);
+
+ if (mpz_sgn(*gmpnum_a) < 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,"Number has to be
greater than or equal to 0");
+ RETURN_FALSE;
+ }
+
+ INIT_GMP_NUM(gmpnum_result);
+ mpz_sqrt(*gmpnum_result, *gmpnum_a);
+
+ ZEND_REGISTER_RESOURCE(return_value, gmpnum_result, le_gmp);
}
/* }}} */
@@ -880,6 +922,11 @@
FETCH_GMP_ZVAL(gmpnum_a, a_arg);
+ if (mpz_sgn(*gmpnum_a) < 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,"Number has to be
greater than or equal to 0");
+ RETURN_FALSE;
+ }
+
INIT_GMP_NUM(gmpnum_result1);
INIT_GMP_NUM(gmpnum_result2);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
