Bug #21182 range() change value of string argument
Submitted: 2002-12-25 10:02 UTC
Modified: 2002-12-25 14:11 UTC
From: lofa at forma dot kharkov dot ua
Assigned: moriyoshi
Status: Closed
Package: Arrays related
PHP Version: 4.3.0-dev
OS: FreeBSD
Private report: No
CVE-ID: None
 [2002-12-25 10:02 UTC] lofa at forma dot kharkov dot ua
I have the following code:

<?PHP

$a = "20";
$b = "30";
$result = range($a, $b);
echo $a;

?>

For some reason it displays "40".

I know that I have to write
$result = range((int)$a, (int)$b);
But why does range() change the value of the argument?

 [2002-12-25 10:43 UTC] derdik at ukr dot net
I searched range's source (php4/ext/standard/array.c)

It seems that the problem is in this line:

for (; *low <= *high; (*low) += (unsigned int)lstep) {
    add_next_index_stringl(return_value, low, 1, 1);
}

+= increments not the pointer, but the value to which low points.
Therefore for(;;) iterates over the values between the first characters of the high and low strings.
 [2002-12-25 13:44 UTC] philip@php.net
Confirmed in 4.3.0.  If they are strings, $a turns into 40!  If $a is an integer, it stays 20 as expected.  Btw if we have '$a = "24"; $b = "140";' then $a turns into 04.  There seems to be sort of a pattern but it's kinda weird :)  The second argument ($b) does not get modified and the following behavior exists:

range(20, "30");   // okay in 4.3.0-dev
range("20", "30"); // not okay in 4.3.0-dev

And as a holiday bonus, in HEAD either use results in a segfault with the following backtrace for CLI:

rock:/tmp# php range.php
a1: 20
FATAL:  erealloc():  Unable to allocate 1515870815 bytes
Segmentation fault (core dumped)

#0  0x400b9c51 in kill () from /lib/libc.so.6
#1  0x0815f28c in _erealloc (ptr=0x8360cdc, size=1515870815, allow_failure=0, __zend_filename=0x81b8100 "/cvs/php4/Zend/zend_operators.c", __zend_lineno=1013, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /cvs/php4/Zend/zend_alloc.c:298
#2  0x0816fb47 in add_string_to_string (result=0xbfffd5f4, op1=0xbfffd5f4, op2=0xbfffd748) at /cvs/php4/Zend/zend_operators.c:1013
#3  0x0818766b in execute (op_array=0x83677c4) at /cvs/php4/Zend/zend_execute.c:1463
#4  0x08174924 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /cvs/php4/Zend/zend.c:931
#5  0x08139553 in php_execute_script (primary_file=0xbffffa2c) at /cvs/php4/main/main.c:1693
#6  0x0818e817 in main (argc=2, argv=0xbffffaa4) at /cvs/php4/sapi/cli/php_cli.c:744

range.php looks like this:

<?php
$a = "20"; $b = "30";
echo "a1: $a\n";
$result = range($a, $b);
echo "a2: $a : type : " . gettype($a) . "\n";
?>
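
The in-place loop quoted from array.c, modelled in stand-alone C as an added example (not part of the thread and not PHP's source), reproduces the "40" and "04" values reported above. The function names, the descending branch (assumed to mirror the quoted ascending loop) and the copy-based variant are assumptions of this example, not the change committed to CVS.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the quoted array.c loop: the loop counter is the first
 * byte of the caller's buffer, so the argument itself is rewritten.
 * The descending branch is an assumption that mirrors the quoted ascending
 * loop. `cap` bounds the output so the model always terminates. */
static size_t range_in_place(char *low, const char *high, char *out, size_t cap)
{
    size_t n = 0;
    if (*low <= *high)
        for (; *low <= *high && n < cap; (*low) += 1) out[n++] = *low;
    else
        for (; *low >= *high && n < cap; (*low) -= 1) out[n++] = *low;
    return n;
}

/* One possible correction (not the actual CVS fix): iterate on local copies
 * of the two characters and leave both input buffers untouched. */
static size_t range_by_copy(const char *low, const char *high, char *out, size_t cap)
{
    int c = (unsigned char)*low, end = (unsigned char)*high;
    size_t n = 0;
    if (c <= end)
        for (; c <= end && n < cap; c++) out[n++] = (char)c;
    else
        for (; c >= end && n < cap; c--) out[n++] = (char)c;
    return n;
}

/* Runs one variant on a private copy of `low`; returns that copy afterwards. */
static const char *low_after(int in_place, const char *low, const char *high)
{
    static char buf[16];
    char out[256];
    snprintf(buf, sizeof buf, "%s", low);
    if (in_place) range_in_place(buf, high, out, sizeof out);
    else          range_by_copy(buf, high, out, sizeof out);
    return buf;
}

int main(void)
{
    printf("in place, 20..30:  a = %s\n", low_after(1, "20", "30"));
    printf("in place, 24..140: a = %s\n", low_after(1, "24", "140"));
    printf("by copy,  20..30:  a = %s\n", low_after(0, "20", "30"));
    return 0;
}
```
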
 [2002-12-25 14:11 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
