dmitry Tue Mar 31 10:05:38 2009 UTC Added files: (Branch: PHP_5_2) /php-src/ext/filter/tests bug47745.phpt
Modified files: /php-src NEWS /php-src/ext/filter logical_filters.c Log: Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1454&r2=1.2027.2.547.2.1455&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1454 php-src/NEWS:1.2027.2.547.2.1455 --- php-src/NEWS:1.2027.2.547.2.1454 Mon Mar 30 19:59:08 2009 +++ php-src/NEWS Tue Mar 31 10:05:37 2009 @@ -12,6 +12,8 @@ - Fixed bug #47828 (openssl_x509_parse() segfaults when a UTF-8 conversion fails). (Scott, Kees Cook, Pierre) - Fixed bug #47769 (Strange extends PDO). (Felipe) +- Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). + (Dmitry) - Fixed bug #47721 (Alignment issues in mbstring and sysvshm extension) (crrodriguez at opensuse dot org, Ilia) - Fixed bug #47704 (PHP crashes on some "bad" operations with string offsets). http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.31&r2=1.1.2.32&diff_format=u Index: php-src/ext/filter/logical_filters.c diff -u php-src/ext/filter/logical_filters.c:1.1.2.31 php-src/ext/filter/logical_filters.c:1.1.2.32 --- php-src/ext/filter/logical_filters.c:1.1.2.31 Wed Mar 25 18:53:04 2009 +++ php-src/ext/filter/logical_filters.c Tue Mar 31 10:05:37 2009 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: logical_filters.c,v 1.1.2.31 2009/03/25 18:53:04 iliaa Exp $ */ +/* $Id: logical_filters.c,v 1.1.2.32 2009/03/31 10:05:37 dmitry Exp $ */ #include "php_filter.h" #include "filter_private.h" @@ -70,14 +70,12 @@ static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */ long ctx_value; - long sign = 1; + long sign = 0; const char *end = str + str_len; - double dval; - long overflow; switch (*str) { case '-': - sign = -1; + sign = 1; case '+': str++; default: @@ -91,22 +89,29 @@ return -1; } + if ((end - str > MAX_LENGTH_OF_LONG - 1) /* number too long */ + || (SIZEOF_LONG == 4 && end - str == MAX_LENGTH_OF_LONG - 1 && *str > '2')) { + /* overflow */ + return -1; + } + while (str < end) { if (*str >= '0' && *str <= '9') { - ZEND_SIGNED_MULTIPLY_LONG(ctx_value, 10, ctx_value, dval, overflow); - if (overflow) { - return -1; - } - ctx_value += ((*(str++)) - '0'); - if (ctx_value & LONG_SIGN_MASK) { - return -1; - } + ctx_value = (ctx_value * 10) + (*(str++) - '0'); \ } else { return -1; } } + if (sign) { + ctx_value = -ctx_value; + if (ctx_value > 0) { /* overflow */ + return -1; + } + } else if (ctx_value < 0) { /* overflow */ + return -1; + } - *ret = ctx_value * sign; + *ret = ctx_value; return 1; } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/bug47745.phpt?view=markup&rev=1.1 Index: php-src/ext/filter/tests/bug47745.phpt +++ php-src/ext/filter/tests/bug47745.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php