php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46701 Creating associative array with long values in the key fails on 32bit linux
Submitted: 2008-11-27 21:04 UTC Modified: 2009-02-20 13:27 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: testuzer at hotmail dot com Assigned: felipe
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS, 6CVS (2008-11-28) OS: Linux 32bit - ubuntu
Private report: No CVE-ID:
 [2008-11-27 21:04 UTC] testuzer at hotmail dot com
Description:
------------
Creating associative array with long values in the key fails under linux builds but work under windows.

Reproduce code:
---------------
$test_array = array(
  0xcc5c4600 => 1,
  0xce331a00 => 1,
  0xce359000 => 1,
  );

print_r( $test_array ); 


Expected result:
----------------
Array
(
    [-866368000] => 1
    [-835511808] => 1
    [-835350528] => 1
)


Actual result:
--------------
Array
(
    [-2147483648] => 1
)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-28 12:37 UTC] jani@php.net
Same result with 32bit linux, this is with 64bit:

# php t.php

Array
(
    [3428599296] => 1
    [3459455488] => 1
    [3459616768] => 1
)

 [2008-11-28 20:10 UTC] mattwil@php.net
Is this really only happening with array indexes...? Either way, the bug title isn't accurate.

If it's only with array indexes, it shouldn't be hexadecimal-related, but would be coming from the simple (long) cast of any double value (from "long values in the key") in zend_hash_*, resulting in "undefined behavior."

But, are those values even correct before the array part gets processed? e.g. does var_dump(0xcc5c4600) give 3428599296? If not, then it's obviously not array-specific. :-) Hmm, I was just going to say, see Bug #45068 for the possible cause (and http://news.php.net/php.internals/40199), but I just noticed that you marked that Bogus Jani? Cross-compiling isn't supported? Well, I guess you're not doing that then when reproducing this... How about you, bug reporter?
 [2008-11-29 06:18 UTC] testuzer at hotmail dot com
Here is a simple test:

Reproduce code:
---------------
echo 0xcc5c4600;
var_dump( 0xcc5c4600 );
print_r( 0xcc5c4600 );


For both Windows and Linux - ubuntu the result is the same.

Actual result Windows 32bit:
--------------
3428599296
float(3428599296)
3428599296

Actual result Linux 32bit:
--------------
3428599296
float 3428599296
3428599296

So it is not a hex to long conversion problem.


Running the same array test using decimals and same values.

Reproduce code:
---------------
$test_array = array(
    3428599296 => 1,
    3459455488 => 1,
    3459616768 => 1
);

print_r( $test_array ); 

Actual result Windows 32bit:
--------------
Array
(
    [-866368000] => 1
    [-835511808] => 1
    [-835350528] => 1
)


Actual result Linux 32bit:
--------------
Array
(
    [-2147483648] => 1
)
 [2008-11-29 06:56 UTC] testuzer at hotmail dot com
Can also confirm Linux -ubuntu 64bit works.

Actual result Linux 64bit (php 5.2.4):
--------------
Array
(
    [3428599296] => 1
    [3459455488] => 1
    [3459616768] => 1
)


Obviously the 32bit os treats it as a signed 32bit value
and a 64bit os as a 64bit value..... so you get a positive
value. The array key handling is _only_ broken on linux 32bit.
 [2008-12-01 01:49 UTC] cyberquoter at gmail dot com
OS: Debian Linux 2.6.18-6-686 (32bit)
PHP: 5.2.0-8+etch13

Result:
Array
(
    [-2147483648] => 1
)
 [2008-12-04 01:43 UTC] msaraujo@php.net
Array
(
    [-2147483648] => 1
)

Reproduced here.
 [2009-01-03 05:03 UTC] shire@php.net
Proposed patches to make $array[$double] perform the same as $array[intval($double)]...

http://tekrat.com/patches/bug46701.php6.patch
http://tekrat.com/patches/bug46701.php53.patch
http://tekrat.com/patches/bug46701.php52.patch

 [2009-01-05 20:42 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5_3 and HEAD at the moment.
 [2009-01-06 01:30 UTC] felipe@php.net
Fixed in 5_2_9 too.
 [2009-02-20 13:13 UTC] jani@php.net
The test fails for me:

[jani@localhost tests]$ cat bug46701.diff 
001+ array(1) {
002+   [-2147483648]=>
003+   int(3)
004+ }
005+ int(3)
006+ array(1) {
007+   [-2147483648]=>
001- array(3) {
002-   [-866368000]=>
003-   int(1)
004-   [-835511808]=>
005-   int(2)
006-   [-835350528]=>
009- int(2)
010- array(1) {
011-   [-835350528]=>
012-   int(3)
013- }
 [2009-02-20 13:27 UTC] felipe@php.net
Yes, the patch was revert in 5_2.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 02:02:10 2014 UTC