> I might be misunderstanding the problem and I didn't have time to read the
> phrack article, but doesn't this mean that leaving it unsigned is better?
> It wouldn't pass the length check and thus, memcpy() wouldn't convert a
> negative number to something huge.
The problem is that every single line of existing PHP
extensions, both public and non-public, would need to be
audited, if we were to switch the type, because 100% of the
current code misinterprets data from the ZE2 API right now.
Changing the API does not solve the existing problem, it
merely adds to it.
For example, you can add a single central check to the engine
today which checks string lengths to be at least 0. If the
length field was changed to an unsigned type permanently,
such a check would be impossible to implement in a portable
way, because C does not define how a negative number will
appear when cast to an unsigned type.
- Sascha
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
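
Added example, not part of the original thread and not PHP's own code: a C sketch of the signed length field discussed above, showing an upper-bound-only check that a negative length passes, and a single central check that lengths are at least 0. The `str_value` type and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a string value whose length field is a signed int. */
typedef struct {
    const char *val;
    int len;            /* signed, so a miscomputed length can be negative */
} str_value;

/* Upper-bound-only check done in signed arithmetic: a negative len passes it. */
int naive_len_ok(int len, int dst_size)
{
    return len < dst_size;
}

/* The value memcpy() would receive: the int is converted to size_t at the call. */
size_t len_as_size_t(int len)
{
    return (size_t)len;
}

/* Central check: the one place that rejects negative lengths. */
int str_len_valid(const str_value *s)
{
    return s->val != NULL && s->len >= 0;
}

/* Copy plus NUL terminator; returns bytes copied, or -1 if the value is rejected. */
int checked_copy(char *dst, size_t dst_size, const str_value *s)
{
    if (!str_len_valid(s))
        return -1;
    if ((size_t)s->len >= dst_size)   /* cast is safe: len is known to be >= 0 */
        return -1;
    memcpy(dst, s->val, (size_t)s->len);
    dst[s->len] = '\0';
    return s->len;
}
```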