| author | Nikita Popov <nikita.ppv@gmail.com> | 2019-06-19 12:53:10 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-06-19 15:09:00 +0200 |
| commit | 82a34e71c59010b64cf0104789da66d0c4d26b9c (patch) | |
| tree | 4e1f59eaffb659d5f9d2ce774e2c8ca03139e9e3 | |
| parent | 3d4298697b41231690f93590e99f599b964f6a0d (diff) | |
| download | php-git-82a34e71c59010b64cf0104789da66d0c4d26b9c.tar.gz | |
Avoid overflow UB in is_numeric_string
We intentionally overflow the signed space here, so make this an
unsigned variable and only cast to signed at the end.
| -rw-r--r-- | Zend/zend_operators.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index 6033fafebe..384884965d 100644
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -3035,7 +3035,7 @@ ZEND_API zend_uchar ZEND_FASTCALL _is_numeric_string_ex(const char *str, size_t
 int digits = 0, dp_or_e = 0;
 double local_dval = 0.0;
 zend_uchar type;
- zend_long tmp_lval = 0;
+ zend_ulong tmp_lval = 0;
 int neg = 0;
 if (!length) {
@@ -3143,7 +3143,7 @@ process_double:
 if (neg) {
 tmp_lval = -tmp_lval;
 }
- *lval = tmp_lval;
+ *lval = (zend_long) tmp_lval;
 }
 return IS_LONG; |
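Review bot: The new `zend_ulong tmp_lval = 0;` declaration in the first hunk has no comment saying the wraparound is deliberate, so a later cleanup could turn it back into `zend_long` and reintroduce signed-overflow UB in a parser that is fed untrusted strings. I would add `/* unsigned on purpose: accumulation may wrap; converted to zend_long only when stored */` above it. In the second hunk, `(zend_long) tmp_lval` is implementation-defined rather than undefined for values above `ZEND_LONG_MAX`, and `-tmp_lval` is now a modular negation. That is presumably fine on the compilers PHP targets, but whether a wrapped value can ever reach `*lval` depends on digit-count checks outside these hunks, so a short comment at the cast stating that assumption would help. Both hunks show only part of `_is_numeric_string_ex`.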
