php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21340 numerics can overflow php numeric datatypes
Submitted: 2003-01-02 10:57 UTC Modified: 2003-01-13 17:21 UTC
From: jcoby at listingbook dot com Assigned:
Status: Closed Package: Sybase-ct (ctlib) related
PHP Version: 4.3.0 OS: redhat linux 7.3
Private report: No CVE-ID: None
 [2003-01-02 10:57 UTC] jcoby at listingbook dot com
Large NUMERIC (20,0) fields can easily overflow the built-in php datatypes (float, real), causing truncation to 2147483647 (2^31 - 1).

Some solutions:
1) Return numerics as string
2) Return numerics as gmp val
3) redesign my database

Until (2) becomes a builtin datatype in PHP, I don't see this as a good solution.  (3) is out of the question, so I elected to use (1); patch follows.  I also have the CS_NUMERIC_TYPE ident as "numeric".



--- php_sybase_ct.c.old Thu Jan  2 11:42:57 2003
+++ php_sybase_ct.c     Thu Jan  2 11:46:18 2003
@@ -1166,9 +1166,9 @@
                                break;
                        case CS_NUMERIC_TYPE:
                        case CS_DECIMAL_TYPE:
-                               result->datafmt[i].maxlength = result->datafmt[i].precision + 3;
-                               /* numeric(10) vs numeric(10, 1) */
-                               result->numerics[i] = (result->datafmt[i].scale == 0) ? 1 : 2;
+                               /* numerics can overflow real and long types, return as a string */
+                               result->datafmt[i].maxlength++;
+                               result->numerics[i] = 0;
                                break;
                        default:
                                result->datafmt[i].maxlength++;
@@ -1769,10 +1769,12 @@
                        break;
                case CS_REAL_TYPE:
                case CS_FLOAT_TYPE:
-               case CS_NUMERIC_TYPE:
                case CS_DECIMAL_TYPE:
                        return "real";
                        break;
+               case CS_NUMERIC_TYPE:
+                       return "numeric";
+                       break;
                case CS_MONEY_TYPE:
                case CS_MONEY4_TYPE:
                        return "money";

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-02 17:27 UTC] jcoby at listingbook dot com
Looks like I forgot to seperate CS_DECIMAL_TYPE from the CS_NUMERIC_TYPE string conversion.  As far as I can tell, DECIMAL types should still be returned as float/real datatypes, though I am not very familiar with them.

I can upload another patch if wanted, but the changes are so minor and straightforward that I don't see a need right now. :)
 [2003-01-03 10:28 UTC] jcoby at listingbook dot com
Update: this patch doesn't quite work, a value of '0' is returned as NULL.

In the meantime, I've downgraded to 4.2.3 and will look into this issue more as I get time.
 [2003-01-13 17:19 UTC] jcoby at listingbook dot com
That seems to fix the problem.

Will respond if I find any other problems related to this bug.
 [2003-01-13 17:21 UTC] sniper@php.net
closing then. Submit new report about any other bug you might encounter.

 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Mar 05 20:01:24 2021 UTC