Hi Scott,

Didn't get to send a message before you corrected the decoding, but was going to suggest the method for long vs double checking that's used in the scanner, is_numeric_string(), etc. (and I'm about to add a couple more). It saves from using both strto* functions. :-) See the attached patch against HEAD.

I guess I could go ahead and do it later anyway, since your change didn't get merged to 5.2?


- Matt


----- Original Message -----
From: "Scott MacVicar"
Sent: Tuesday, March 17, 2009

scottmac Tue Mar 17 14:56:49 2009 UTC

 Modified files:
   /php-src/ext/json JSON_parser.c
 Log:
 Deal with overflow when decoding large numbers



http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.23&r2=1.24&diff_format=u
Index: php-src/ext/json/JSON_parser.c
diff -u php-src/ext/json/JSON_parser.c:1.23 php-src/ext/json/JSON_parser.c:1.24
--- php-src/ext/json/JSON_parser.c:1.23 Tue Mar 17 02:00:08 2009
+++ php-src/ext/json/JSON_parser.c Tue Mar 17 14:56:49 2009
@@ -290,8 +290,9 @@
    if (type == IS_LONG)
    {
 long l = strtol(buf->c, NULL, 10);
- if (l > LONG_MAX || l < LONG_MIN) {
- ZVAL_DOUBLE(*z, zend_strtod(buf->c, NULL));
+ double d = zend_strtod(buf->c, NULL);
+ if (d > LONG_MAX || d < LONG_MIN) {
+ ZVAL_DOUBLE(*z, d);
 } else {
 ZVAL_LONG(*z, l);
 }

Index: ext/json/JSON_parser.c
===================================================================
RCS file: /repository/php-src/ext/json/JSON_parser.c,v
retrieving revision 1.24
diff -u -r1.24 JSON_parser.c
--- ext/json/JSON_parser.c      17 Mar 2009 14:56:49 -0000      1.24
+++ ext/json/JSON_parser.c      17 Mar 2009 19:52:00 -0000
@@ -289,16 +289,27 @@

    if (type == IS_LONG)
    {
-               long l = strtol(buf->c, NULL, 10);
-               double d = zend_strtod(buf->c, NULL);
-               if (d > LONG_MAX || d < LONG_MIN) {
-                       ZVAL_DOUBLE(*z, d);
-               } else {
-                       ZVAL_LONG(*z, l);
+               if (buf->c[0] == '-') {
+                       buf->len--;
                }
+
+               if (buf->len >= MAX_LENGTH_OF_LONG - 1) {
+                       if (buf->len == MAX_LENGTH_OF_LONG - 1) {
+                               int cmp = strcmp(buf->c + (buf->c[0] == '-'), 
long_min_digits);
+
+                               if (!(cmp < 0 || (cmp == 0 && buf->c[0] == 
'-'))) {
+                                       goto use_double;
+                               }
+                       } else {
+                               goto use_double;
+                       }
+               }
+
+               ZVAL_LONG(*z, strtol(buf->c, NULL, 10));
    }
    else if (type == IS_DOUBLE)
    {
+use_double:
        ZVAL_DOUBLE(*z, zend_strtod(buf->c, NULL));
    }
    else if (type == IS_STRING)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to