The cause for this is that "phanto" changed the type of the string length from a signed type to zend_uint without providing any kind of justification (zvalue_value).
As many past security advisories have shown, signedness issues are the frequent cause for severe vulnerabilities in software (recent examples include MySQL, OpenBSD kernel). As all existing PHP extensions and other relevant code assumes that the length of strings is denotated by a signed integer type, I hereby propose to revert that commit and to reinstate the old type. Any objections? - Sascha -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php