authorStanislav Malyshev <stas@php.net>2018-06-04 22:51:38 -0700
committerStanislav Malyshev <stas@php.net>2018-06-04 22:51:38 -0700
commit5fbb0988d13911de4daf8007ac1918d623b4c7db (patch)
tree49afc6f5c9f19b7eade5083b5457449b95d7c40e
parentd5ee654b7113c4123a5f2d4628016d31dbced2d4 (diff)
parent73bf238507e41cc87107055e39a57e1ebb5619df (diff)
downloadphp-git-5fbb0988d13911de4daf8007ac1918d623b4c7db.tar.gz
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1: Fix bug #76390 - do not allow invalid strings in range()
-rw-r--r--ext/standard/array.c18
-rw-r--r--ext/standard/tests/array/range_errors.phpt14
2 files changed, 26 insertions, 6 deletions
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 0a9cfb30cb..382fb72beb 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -2769,10 +2769,18 @@ PHP_FUNCTION(range)
ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE);
if (zstep) {
- if (Z_TYPE_P(zstep) == IS_DOUBLE ||
- (Z_TYPE_P(zstep) == IS_STRING && is_numeric_string(Z_STRVAL_P(zstep), Z_STRLEN_P(zstep), NULL, NULL, 0) == IS_DOUBLE)
- ) {
+ if (Z_TYPE_P(zstep) == IS_DOUBLE) {
is_step_double = 1;
+ } else if (Z_TYPE_P(zstep) == IS_STRING) {
+ int type = is_numeric_string(Z_STRVAL_P(zstep), Z_STRLEN_P(zstep), NULL, NULL, 0);
+ if (type == IS_DOUBLE) {
+ is_step_double = 1;
+ }
+ if (type == 0) {
+ /* bad number */
+ php_error_docref(NULL, E_WARNING, "Invalid range string - must be numeric");
+ RETURN_FALSE;
+ }
}
step = zval_get_double(zstep);
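Review bot: In the new `IS_STRING` branch the rejection of a non-numeric step comes last and is written as a bare `type == 0` under a `/* bad number */` comment, so the reader has to know that `is_numeric_string()` returns 0 when the string is not wholly numeric. I would test that case first and then set the flag in one line, `is_step_double = (type == IS_DOUBLE);`, with a comment such as `/* is_numeric_string() returns 0 when the string is not entirely numeric, e.g. trailing characters */`. Only string steps are validated here; every other type still goes straight to `zval_get_double(zstep)`. That looks intentional given the unchanged NULL/FALSE expectations in the test, but a short comment saying so would help. The enclosing `if (zstep)` block ends outside the hunk.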
@@ -2900,6 +2908,10 @@ long_str:
}
lstep = step;
+ if (step <= 0) {
+ err = 1;
+ goto err;
+ }
Z_TYPE_INFO(tmp) = IS_LONG;
if (low > high) { /* Negative steps */
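Review bot: The added guard tests the double `step` only after `lstep = step;` has already converted it, and the code that follows presumably works with `lstep` rather than `step`. A positive value below 1 passes `step <= 0` yet truncates to a zero `lstep`, and a value too large for the integer type is converted before anything rejects it. Whether either can reach `long_str` depends on the `is_step_double` routing outside the hunk. If it can, checking the converted value as well, `if (step <= 0 || lstep == 0) {`, or moving the guard above the assignment, would close the gap. The `long_str` body starts and ends outside the hunk.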
diff --git a/ext/standard/tests/array/range_errors.phpt b/ext/standard/tests/array/range_errors.phpt
index 9652e28340..45c30f5acf 100644
--- a/ext/standard/tests/array/range_errors.phpt
+++ b/ext/standard/tests/array/range_errors.phpt
@@ -27,6 +27,8 @@ var_dump( range(1) ); // No.of args < expected
var_dump( range(1,2,3,4) ); // No.of args > expected
var_dump( range(-1, -2, 2) );
var_dump( range("a", "j", "z") );
+var_dump( range(0, 1, "140962482048819216326.24") );
+var_dump( range(0, 1, "140962482048819216326.24.") );
echo "\n-- Testing Invalid steps --";
$step_arr = array( "string", NULL, FALSE, "", "\0" );
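Review bot: The two added cases cover a numeric string that overflows to a double and one with a trailing dot, but none pins how whitespace around a numeric step is treated. As far as I know `is_numeric_string()` in this branch accepts leading whitespace and rejects trailing whitespace, so a call such as `range(1, 10, "2 ")` would now warn and return false where `zval_get_double()` used to read it as 2. A case like `var_dump( range(1, 3, " 1") );` plus one with trailing whitespace would document that change for callers who pass unsanitised input as the step.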
@@ -78,11 +80,17 @@ bool(false)
Warning: range(): step exceeds the specified range in %s on line %d
bool(false)
+Warning: range(): Invalid range string - must be numeric in %s on line %d
+bool(false)
+
Warning: range(): step exceeds the specified range in %s on line %d
bool(false)
+Warning: range(): Invalid range string - must be numeric in %s on line %d
+bool(false)
+
-- Testing Invalid steps --
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
bool(false)
Warning: range(): step exceeds the specified range in %s on line %d
@@ -91,9 +99,9 @@ bool(false)
Warning: range(): step exceeds the specified range in %s on line %d
bool(false)
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
bool(false)
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
bool(false)
Done