PHP :: Bug #40894 :: fix for bug #38770 causes more harm than good on big-endian 64bit

Bug #40894	fix for bug #38770 causes more harm than good on big-endian 64bit
Submitted:	2007-03-22 15:59 UTC	Modified:	2007-04-03 21:59 UTC
From:	mmarek at suse dot cz	Assigned:	iliaa (profile)
Status:	Closed	Package:	*Programming Data Structures
PHP Version:	5.2.1	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	mmarek at suse dot cz
New email:
PHP Version:		OS:

New/Additional Comment:

[2007-03-22 15:59 UTC] mmarek at suse dot cz

Description:
------------
Fix for bug #38770 breaks unpack() on big-endian 64bit, because it reads uninitialized memory or memory that doesn't relate to the data being processed.

In http://cvs.php.net/viewvc.cgi/php-src/ext/standard/pack.c?r1=1.62&r2=1.63

input[inputpos + machine_endian_long_map[3]] will read input[inputpos+7] when unpacking 4 bytes.

Please revert the fix, as it tries to fix a questionable issue (-30000 simply doesn't fit into unsigned type) and causes trouble in cases where it worked before (eg. pear is not even installable on POWER, b/c install-pear-nozlib.phar makes heavy use of unpack()).

Reproduce code:
---------------
run

  print_r( unpack( "V", pack( "V", 200 ) ));

several times on ppc64.

Expected result:
----------------
It should output

Array
(
    [1] => 200
)

all the time.

Actual result:
--------------
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => -2147483448
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => -2147483448
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-04-03 21:59 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Mar 21 11:01:30 2025 UTC