dmitry Tue Mar 31 10:05:38 2009 UTC
Added files: (Branch: PHP_5_2)
/php-src/ext/filter/tests bug47745.phpt
Modified files:
/php-src NEWS
/php-src/ext/filter logical_filters.c
Log:
Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1454&r2=1.2027.2.547.2.1455&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1454 php-src/NEWS:1.2027.2.547.2.1455
--- php-src/NEWS:1.2027.2.547.2.1454 Mon Mar 30 19:59:08 2009
+++ php-src/NEWS Tue Mar 31 10:05:37 2009
@@ -12,6 +12,8 @@
- Fixed bug #47828 (openssl_x509_parse() segfaults when a UTF-8 conversion
fails). (Scott, Kees Cook, Pierre)
- Fixed bug #47769 (Strange extends PDO). (Felipe)
+- Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer).
+ (Dmitry)
- Fixed bug #47721 (Alignment issues in mbstring and sysvshm extension)
(crrodriguez at opensuse dot org, Ilia)
- Fixed bug #47704 (PHP crashes on some "bad" operations with string offsets).
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.31&r2=1.1.2.32&diff_format=u
Index: php-src/ext/filter/logical_filters.c
diff -u php-src/ext/filter/logical_filters.c:1.1.2.31
php-src/ext/filter/logical_filters.c:1.1.2.32
--- php-src/ext/filter/logical_filters.c:1.1.2.31 Wed Mar 25 18:53:04 2009
+++ php-src/ext/filter/logical_filters.c Tue Mar 31 10:05:37 2009
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: logical_filters.c,v 1.1.2.31 2009/03/25 18:53:04 iliaa Exp $ */
+/* $Id: logical_filters.c,v 1.1.2.32 2009/03/31 10:05:37 dmitry Exp $ */
#include "php_filter.h"
#include "filter_private.h"
@@ -70,14 +70,12 @@
static int php_filter_parse_int(const char *str, unsigned int str_len, long
*ret TSRMLS_DC) { /* {{{ */
long ctx_value;
- long sign = 1;
+ long sign = 0;
const char *end = str + str_len;
- double dval;
- long overflow;
switch (*str) {
case '-':
- sign = -1;
+ sign = 1;
case '+':
str++;
default:
@@ -91,22 +89,29 @@
return -1;
}
+ if ((end - str > MAX_LENGTH_OF_LONG - 1) /* number too long */
+ || (SIZEOF_LONG == 4 && end - str == MAX_LENGTH_OF_LONG - 1 && *str >
'2')) {
+ /* overflow */
+ return -1;
+ }
+
while (str < end) {
if (*str >= '0' && *str <= '9') {
- ZEND_SIGNED_MULTIPLY_LONG(ctx_value, 10, ctx_value,
dval, overflow);
- if (overflow) {
- return -1;
- }
- ctx_value += ((*(str++)) - '0');
- if (ctx_value & LONG_SIGN_MASK) {
- return -1;
- }
+ ctx_value = (ctx_value * 10) + (*(str++) - '0');
\
} else {
return -1;
}
}
+ if (sign) {
+ ctx_value = -ctx_value;
+ if (ctx_value > 0) { /* overflow */
+ return -1;
+ }
+ } else if (ctx_value < 0) { /* overflow */
+ return -1;
+ }
- *ret = ctx_value * sign;
+ *ret = ctx_value;
return 1;
}
/* }}} */
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/bug47745.phpt?view=markup&rev=1.1
Index: php-src/ext/filter/tests/bug47745.phpt
+++ php-src/ext/filter/tests/bug47745.phpt
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
