PHP :: Bug #21340 :: numerics can overflow php numeric datatypes

Bug #21340	numerics can overflow php numeric datatypes
Submitted:	2003-01-02 10:57 UTC	Modified:	2003-01-13 17:21 UTC
From:	jcoby at listingbook dot com	Assigned:
Status:	Closed	Package:	Sybase-ct (ctlib) related
PHP Version:	4.3.0	OS:	redhat linux 7.3
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-01-02 10:57 UTC] jcoby at listingbook dot com

Large NUMERIC (20,0) fields can easily overflow the built-in php datatypes (float, real), causing truncation to 2147483647 (2^31 - 1).

Some solutions:
1) Return numerics as string
2) Return numerics as gmp val
3) redesign my database

Until (2) becomes a builtin datatype in PHP, I don't see this as a good solution.  (3) is out of the question, so I elected to use (1); patch follows.  I also have the CS_NUMERIC_TYPE ident as "numeric".



--- php_sybase_ct.c.old Thu Jan  2 11:42:57 2003
+++ php_sybase_ct.c     Thu Jan  2 11:46:18 2003
@@ -1166,9 +1166,9 @@
                                break;
                        case CS_NUMERIC_TYPE:
                        case CS_DECIMAL_TYPE:
-                               result->datafmt[i].maxlength = result->datafmt[i].precision + 3;
-                               /* numeric(10) vs numeric(10, 1) */
-                               result->numerics[i] = (result->datafmt[i].scale == 0) ? 1 : 2;
+                               /* numerics can overflow real and long types, return as a string */
+                               result->datafmt[i].maxlength++;
+                               result->numerics[i] = 0;
                                break;
                        default:
                                result->datafmt[i].maxlength++;
@@ -1769,10 +1769,12 @@
                        break;
                case CS_REAL_TYPE:
                case CS_FLOAT_TYPE:
-               case CS_NUMERIC_TYPE:
                case CS_DECIMAL_TYPE:
                        return "real";
                        break;
+               case CS_NUMERIC_TYPE:
+                       return "numeric";
+                       break;
                case CS_MONEY_TYPE:
                case CS_MONEY4_TYPE:
                        return "money";

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-02 17:27 UTC] jcoby at listingbook dot com

Looks like I forgot to seperate CS_DECIMAL_TYPE from the CS_NUMERIC_TYPE string conversion.  As far as I can tell, DECIMAL types should still be returned as float/real datatypes, though I am not very familiar with them.

I can upload another patch if wanted, but the changes are so minor and straightforward that I don't see a need right now. :)

[2003-01-03 10:28 UTC] jcoby at listingbook dot com

Update: this patch doesn't quite work, a value of '0' is returned as NULL.

In the meantime, I've downgraded to 4.2.3 and will look into this issue more as I get time.

[2003-01-13 16:49 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2003-01-13 17:19 UTC] jcoby at listingbook dot com

That seems to fix the problem.

Will respond if I find any other problems related to this bug.

[2003-01-13 17:21 UTC] sniper@php.net

closing then. Submit new report about any other bug you might encounter.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Nov 04 06:00:01 2025 UTC