diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2019-03-14 17:24:50 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-03-14 17:24:50 +0100 |
commit | e7d40afb7a7984174eb132a14b7a6621c8e76258 (patch) | |
tree | 267eab6db563e12db6dd5e9e82387fbfcdad9a63 | |
parent | c7920aba3e1892accca7cd13ef5b8a8fbf48b5c2 (diff) | |
download | php-git-e7d40afb7a7984174eb132a14b7a6621c8e76258.tar.gz |
Fixed bug #77742
By avoiding integer overflow in the implementation entirely. The
multiplication was already explicitly checked for overflow, so also
add a check for the addition and remove the overflow checks after
the calculation.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/bcmath/libbcmath/src/num2long.c | 17 |
2 files changed, 16 insertions, 5 deletions
@@ -11,6 +11,10 @@ PHP NEWS . Fixed bug #77676 (Unable to run tests when building shared extension on AIX). (Kevin Adler) +- Bcmath: + . Fixed bug #77742 (bcpow() implementation related to gcc compiler + optimization). (Nikita) + - FPM: . Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP). (Kevin Adler) diff --git a/ext/bcmath/libbcmath/src/num2long.c b/ext/bcmath/libbcmath/src/num2long.c index 81e82a6fac..228f6645a2 100644 --- a/ext/bcmath/libbcmath/src/num2long.c +++ b/ext/bcmath/libbcmath/src/num2long.c @@ -54,12 +54,19 @@ bc_num2long (num) /* Extract the int value, ignore the fraction. */ val = 0; nptr = num->n_value; - for (index=num->n_len; (index>0) && (val<=(LONG_MAX/BASE)); index--) - val = val*BASE + *nptr++; + for (index = num->n_len; index > 0; index--) { + char n = *nptr++; - /* Check for overflow. If overflow, return zero. */ - if (index>0) val = 0; - if (val < 0) val = 0; + if (val > LONG_MAX/BASE) { + return 0; + } + val *= BASE; + + if (val > LONG_MAX - n) { + return 0; + } + val += n; + } /* Return the value. */ if (num->n_sign == PLUS) |