php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68672 incorrect bit shift
Submitted: 2014-12-28 22:56 UTC Modified: 2016-07-13 14:32 UTC
From: bugreports at internot dot info Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: master-Git-2014-12-28 (Git) OS: Linux Ubuntu 14.04
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugreports at internot dot info
New email:
PHP Version: OS:

 

 [2014-12-28 22:56 UTC] bugreports at internot dot info 
Description:
------------
Hi,

In /Zend/zend_strtod.c:

1137                        z >>= k;

But k may be 32.

Bitshifting >=32 causes "undefined behavior".


Thanks,

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-28 23:01 UTC] bugreports at internot dot info 
And

/ext/hash/hash_sha.c: 
 844        context->count[1] += ((php_hash_uint64) inputLen >> 61);

Thanks,
 [2014-12-28 23:01 UTC] bugreports at internot dot info 
Aswell as:

 958        context->count[1] += ((php_hash_uint64) inputLen >> 61);
 [2014-12-30 02:52 UTC] aharvey@php.net
-Package: *General Issues +Package: Scripting Engine problem
 [2014-12-30 02:52 UTC] aharvey@php.net 
The shifts in the comments look OK to me (they're explicitly 64 bit integers, and the shift is 61 in both cases), but the zend_strtod.c shift definitely looks like it could be problematic, as lo0bits() can return 32 and ULong (which is the type of z) is a typedef for uint32_t.
 [2016-07-13 14:32 UTC] dmitry@php.net
-Status: Open +Status: Not a bug
 [2016-07-13 14:32 UTC] dmitry@php.net 
zend_strtod.c
1134	if ((y = d1)) {
1135		if ((k = lo0bits(&y))) {
1136			x[0] = y | (z << (32 - k));
1137			z >>= k;

"k" can't be equal to 32, because this means that "y" is equal to zero, but this condition is checked on line 1134.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 10:01:33 2025 UTC