PHP :: Bug #40894 :: fix for bug #38770 causes more harm than good on big-endian 64bit

Bug #40894	fix for bug #38770 causes more harm than good on big-endian 64bit
Submitted:	2007-03-22 15:59 UTC	Modified:	2007-04-03 21:59 UTC
From:	mmarek at suse dot cz	Assigned:	iliaa (profile)
Status:	Closed	Package:	*Programming Data Structures
PHP Version:	5.2.1	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mmarek at suse dot cz
New email:
PHP Version:		OS:

New Comment:

[2007-03-22 15:59 UTC] mmarek at suse dot cz

Description:
------------
Fix for bug #38770 breaks unpack() on big-endian 64bit, because it reads uninitialized memory or memory that doesn't relate to the data being processed.

In http://cvs.php.net/viewvc.cgi/php-src/ext/standard/pack.c?r1=1.62&r2=1.63

input[inputpos + machine_endian_long_map[3]] will read input[inputpos+7] when unpacking 4 bytes.

Please revert the fix, as it tries to fix a questionable issue (-30000 simply doesn't fit into unsigned type) and causes trouble in cases where it worked before (eg. pear is not even installable on POWER, b/c install-pear-nozlib.phar makes heavy use of unpack()).

Reproduce code:
---------------
run

  print_r( unpack( "V", pack( "V", 200 ) ));

several times on ppc64.

Expected result:
----------------
It should output

Array
(
    [1] => 200
)

all the time.

Actual result:
--------------
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => -2147483448
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => -2147483448
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-04-03 21:59 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 11:01:30 2024 UTC