Bug #31117 Implicit cast to int of a key in an array produce an integer overflow
Submitted: 2004-12-16 11:35 UTC Modified: 2005-05-29 21:46 UTC
From: wiart at yahoo dot com Assigned:
Status: Not a bug Package: Arrays related
PHP Version: 4.3.10 OS: * (64 bit only!)
Private report: No CVE-ID: None
 [2004-12-16 11:35 UTC] wiart at yahoo dot com
Description:
------------
In my code I use an array key that is a string composed only of numbers ("20041001103319").
The problem is that this key is automatically converted into an int by PHP and, as it is a long string, it produces an integer overflow for the array index (see the code and the Actual result) after serialization and then unserialization.

Note that I compiled PHP 4.3.10 on my laptop (32 bits) and there is no problem at all (I can see the Expected result), but when I compile on an AMD 64 (Opteron) machine, the wrong (Actual result) is shown.

(I've also seen this bug with a 4.3.2 on the Opteron machine.)

Problem with cast of strings into int when 64 bits ... 


Note that if I try on my laptop with a shorter key (i.e. "2004100") that does not overflow the int capacity, it is also automatically cast into an int.


My conclusion is "Never use strings composed only of numbers as keys in arrays". But I think that at least a notice should be displayed for such implicit casts.
Or maybe I missed something in the documentation. In this case, sorry for the loss of time.

It is most related to Bug #28972, but in this case we can see the difference in the treatment between 32 and 64 bit architectures.


Reproduce code:
---------------
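<?php
// A string key made up only of digits; PHP converts it to an integer key when it fits.
$arr = array();
$arr["20041001103319"] = 'test';
var_dump($arr);

// Round-trip the array through serialize()/unserialize().
$arr_in_str = serialize($arr);
print "Now result is: $arr_in_str<BR />";

$final_arr = unserialize($arr_in_str);
print "The final unserialized array:<BR />";
var_dump($final_arr);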

Expected result:
----------------
array(1) { ["20041001103319"]=>  string(4) "test" } 
Now result is: a:1:{s:14:"20041001103319";s:4:"test";}
The final unserialized array:
array(1) { ["20041001103319"]=> string(4) "test" }

Actual result:
--------------
array(1) { [20041001103319]=>  string(4) "test" } 
Now result is: a:1:{i:20041001103319;s:4:"test";}
The final unserialized array:
array(1) { [683700183]=> string(4) "test" }
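
The index 683700183 in the Actual result is 20041001103319 modulo 2^32, that is, the 64-bit key with only its low 32 bits kept. The following is an added example, not part of the original report or of PHP itself: it assumes a 64-bit PHP 7+ build and uses hypothetical names (wrapToInt32, keysUnsafeFor32Bit, stringKey) to flag integer keys that would not survive 32-bit handling and to show a prefixed key that stays a string.

```php
<?php
// Added example, not code from the bug report. Assumes a 64-bit PHP 7+ build;
// all function and constant names here are hypothetical.
const INT32_MIN = -2147483648;
const INT32_MAX = 2147483647;

// Value left when only the low 32 bits of $v are kept (read as signed).
function wrapToInt32(int $v): int
{
    $low = $v & 0xFFFFFFFF;
    return $low > INT32_MAX ? $low - 0x100000000 : $low;
}

// Integer keys (at any nesting depth) that do not fit a signed 32-bit integer,
// mapped to the key they would become if truncated to 32 bits.
function keysUnsafeFor32Bit(array $data): array
{
    $unsafe = [];
    foreach ($data as $key => $value) {
        if (is_int($key) && ($key < INT32_MIN || $key > INT32_MAX)) {
            $unsafe[$key] = wrapToInt32($key);
        }
        if (is_array($value)) {
            $unsafe += keysUnsafeFor32Bit($value);
        }
    }
    return $unsafe;
}

// Assumed mitigation: a non-numeric prefix keeps the key a string everywhere.
function stringKey(string $id): string
{
    return 'k' . $id;
}

$arr = [];
$arr["20041001103319"] = 'test';             // digit-only string: stored as an int key
$arr[stringKey("20041001103319")] = 'test';  // prefixed: stored as a string key

var_dump(array_keys($arr));
var_dump(keysUnsafeFor32Bit($arr));
echo serialize($arr), "\n";
```

Running keysUnsafeFor32Bit() on data before it is serialized for another host shows which keys depend on the integer width of the platform that will read it.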

 [2004-12-16 16:17 UTC] iliaa@php.net
This is the expected result; PHP will not emulate an integer overflow on 64 bit systems.
 [2022-06-01 13:40 UTC] kusyazwan2411 at gmail dot com
The following pull request has been associated:

Patch Name: Extract functions to classes
On GitHub:  https://github.com/php/web-master/pull/12
Patch:      https://github.com/php/web-master/pull/12.patch
 