The cause for this is that "phanto" changed the type of the
string length from a signed type to zend_uint without
providing any kind of justification (zvalue_value).
As many past security advisories have shown, signedness
issues are a frequent cause of severe vulnerabilities in
software (recent examples include MySQL, OpenBSD kernel).
As all existing PHP extensions and other relevant code
assume that the length of strings is denoted by a signed
integer type, I hereby propose to revert that commit and to
reinstate the old type.
Any objections?
- Sascha
--
PHP Development Mailing List <http://www.php.net/>
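The following added example (not part of the original message and not taken from the PHP source) shows how a bounds check written for a signed string length silently stops working when the same source is compiled against an unsigned length. The struct names, the `TAIL_CHECK` macro and the helper functions are hypothetical, and `zend_uint` is assumed to be a 32-bit `unsigned int`.

```c
#include <stdio.h>
#include <limits.h>

/* Hypothetical stand-ins for the string value before and after the change;
   the real zvalue_value has more members. */
typedef struct { const char *val; int len; } str_signed;            /* signed length   */
typedef struct { const char *val; unsigned int len; } str_unsigned; /* zend_uint-style */

/* Bounds check as code assuming a signed length might write it:
   "bytes left after offset" must not be negative. The identical
   source text is compiled against both layouts below. */
#define TAIL_CHECK(s, offset) ((s).len - (offset) >= 0)

/* Each helper returns the number of bytes a caller would go on to copy
   from val + offset, or -1 when the check rejects the offset.
   No copy is performed here. */
long long tail_len_signed(str_signed s, int offset)
{
    if (!TAIL_CHECK(s, offset))
        return -1;                       /* 5 - 9 = -4: rejected */
    return (long long)(s.len - offset);
}

long long tail_len_unsigned(str_unsigned s, int offset)
{
    /* offset is converted to unsigned, so the difference can never be
       negative and this branch is dead code. */
    if (!TAIL_CHECK(s, offset))
        return -1;
    return (long long)(s.len - offset);  /* wraps modulo UINT_MAX + 1 */
}

int main(void)
{
    str_signed   a = { "hello", 5 };     /* constructed sample input */
    str_unsigned b = { "hello", 5 };

    printf("signed,   offset 2: %lld\n", tail_len_signed(a, 2));
    printf("unsigned, offset 2: %lld\n", tail_len_unsigned(b, 2));
    printf("signed,   offset 9: %lld\n", tail_len_signed(a, 9));
    printf("unsigned, offset 9: %lld\n", tail_len_unsigned(b, 9));
    return 0;
}
```

Building with `-Wextra` (which enables `-Wtype-limits` and, for C, `-Wsign-compare` in GCC) flags comparisons of this kind, which is one way to audit code after such a type change.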