php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40894 fix for bug #38770 causes more harm than good on big-endian 64bit
Submitted: 2007-03-22 15:59 UTC Modified: 2007-04-03 21:59 UTC
From: mmarek at suse dot cz Assigned: iliaa (profile)
Status: Closed Package: *Programming Data Structures
PHP Version: 5.2.1 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mmarek at suse dot cz
New email:
PHP Version: OS:

 

 [2007-03-22 15:59 UTC] mmarek at suse dot cz
Description:
------------
Fix for bug #38770 breaks unpack() on big-endian 64bit, because it reads uninitialized memory or memory that doesn't relate to the data being processed.

In http://cvs.php.net/viewvc.cgi/php-src/ext/standard/pack.c?r1=1.62&r2=1.63

input[inputpos + machine_endian_long_map[3]] will read input[inputpos+7] when unpacking 4 bytes.

Please revert the fix, as it tries to fix a questionable issue (-30000 simply doesn't fit into unsigned type) and causes trouble in cases where it worked before (eg. pear is not even installable on POWER, b/c install-pear-nozlib.phar makes heavy use of unpack()).

Reproduce code:
---------------
run

  print_r( unpack( "V", pack( "V", 200 ) ));

several times on ppc64.

Expected result:
----------------
It should output

Array
(
    [1] => 200
)

all the time.

Actual result:
--------------
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => -2147483448
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => 200
)
# ./sapi/cli/php -r 'print_r( unpack( "V", pack( "V", 200 ) ));'
Array
(
    [1] => -2147483448
)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-03 21:59 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Sep 30 07:01:23 2020 UTC