PHP :: Bug #3062 :: dechex doesn't handle negative numbers

Bug #3062

dechex doesn't handle negative numbers

Submitted:

1999-12-28 21:40 UTC

Modified:

2005-03-30 09:02 UTC

Votes:	1
Avg. Score:	1.0 ± 0.0
Reproduced:	0 of 1 (0.0%)

From:

anderson at metrolink dot com

Assigned:

Status:

Wont fix

Package:

Misbehaving function

PHP Version:

3.0.12

OS:

FreeBSD

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	anderson at metrolink dot com
New email:
PHP Version:		OS:

New Comment:

[1999-12-28 21:40 UTC] anderson at metrolink dot com

The function dechex() can be passed a negative number, which will
create a negative index into a static array. This was discoverd when trying to manipulate IP addresses represented by integers. Any IP that has a first octet >127 will cause this to happen. Since integers are signed, I wonder what other areas might have a similar problem when trying to manipulate IP addresses in this way.

Simple Example:

print(dechex(-333333));

This fix seems to correct this instance of the problem, but I fear that there could possibly be undesirable side effect of doing this.



*** php-3.0.12/functions/math.c Thu Apr 22 09:19:50 1999
--- php/functions/math.c        Tue Dec 28 21:16:08 1999
***************
*** 424,430 ****
        static char digits[] = "0123456789abcdefghijklmnopqrstuvwxyz";
        char *result, *ptr, *ret;
        int len, digit;
!       long value;
  
        if (arg->type != IS_LONG || base < 2 || base > 36) {
                return empty_string;
--- 424,430 ----
        static char digits[] = "0123456789abcdefghijklmnopqrstuvwxyz";
        char *result, *ptr, *ret;
        int len, digit;
!       unsigned long value;
  
        if (arg->type != IS_LONG || base < 2 || base > 36) {
                return empty_string;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1999-12-31 05:34 UTC] anderson at metrolink dot com

I also noticed that

PHPAPI void convert_to_long_base(pval *op, int base)

uses strtol() instead of strtoul(), which also contributes to my difficulty.

$ip=0xffffffff doesn't equal -1, but $ip=~0 does.

Perhaps I'm just trying to do something that isn't supposed to work, but
the results are clertainly not intuitive.

[2005-03-30 09:02 UTC] sniper@php.net

We are sorry, but we can not support PHP 3 related problems anymore.
Momentum is gathering for PHP 5, and we think supporting PHP 3 will
lead to a waste of resources which we want to put into getting PHP 5
ready. Of course PHP 4 will continue to be supported for the
forseeable future.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 13:01:31 2024 UTC