PHP :: Bug #55061 :: Array autoindex[] overflow

Bug #55061

Array autoindex[] overflow

Submitted:

2011-06-29 04:47 UTC

Modified:

2014-07-15 12:00 UTC

Votes:	2
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

vovan-ve at yandex dot ru

Assigned:

Status:

Verified

Package:

Arrays related

PHP Version:

OS:

Windows and 32bit OS

Private report:

CVE-ID:

None

View Developer Edit

[2011-06-29 04:47 UTC] vovan-ve at yandex dot ru

Description:
------------
There is a test code:

  $a = array(0x7FFFFFFF => 42);
  $a[] = 37;
  var_dymp($a);

Second line emits warning:

  Warning: Cannot add element to the array as the next element
  is already occupied in ... on line 2

and doesn't add element with value 37. This is absolutely abnormal
behaviour. At least there is incorrect text for Warning. I expect,
the element should be added with any index (i.e. string "2147483648"
as the result of 0x7FFFFFFF+1 thru float), or something else. But
element was not added even.

Test script:
---------------
$a = array(0x7FFFFFFF => 42);
$a[] = 37;
var_dymp($a);

Expected result:
----------------
array(1) {
  [2147483647]=>
  int(42)
  ["2147483648"]=>
  int(37)
}

OR (when int will become int64):

array(1) {
  [2147483647]=>
  int(42)
  [2147483648]=>
  int(37)
}

Actual result:
--------------
Warning: Cannot add element to the array as the next element is already occupied in ... on line 2
array(1) {
  [2147483647]=>
  int(42)
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-06-29 06:03 UTC] vovan-ve at yandex dot ru

Sorry for typo. var_dymp == var_dump

[2011-07-27 06:52 UTC] laruence@php.net

I can not reproduce this warning, do you have non-php-official extension installed?

if yes, plz remove them then check again. thanks

[2011-07-29 14:39 UTC] vovan-ve at yandex dot ru

No, I have no non-official extensions. I have disabled all extensions for test even. May be your int is not int32?

[2012-02-27 23:45 UTC] vovan-ve at yandex dot ru

Reproduced with the same behaviour and result in Ubuntu 11.10 i386.

[2012-07-03 15:45 UTC] pollita@php.net

-Status: Open +Status: Verified

[2012-07-03 15:45 UTC] pollita@php.net

Reproduced on Debian.

Tempting as it may be to go the string index route for values greater than 
PHP_INT_MAX, I'm more inclined to get a workable Big Int in PHP first, then use 
that for the index (beyond PHP_INT_MAX)

[2014-07-15 11:58 UTC] yohgaki@php.net

-Operating System: WindowsXP SP3 +Operating System: Windows and 32bit OS -PHP Version: 5.3.6 +PHP Version: *

[2014-07-15 11:58 UTC] yohgaki@php.net

http://3v4l.org/B0Ao5

32 bit int issue.

[2014-07-15 12:00 UTC] yohgaki@php.net

Values exceeds 64bit causes the same issue even with 64bit int.

[2014-07-15 12:21 UTC] vovan-ve at yandex dot ru

PHP <= 5.2.9 has *true* overflow: http://3v4l.org/As2H4

    array(2) {
      [9223372036854775807]=>
      int(42)
      [-9223372036854775808]=>
      int(37)
    }

Changelog for 5.2.10 mentioned https://bugs.php.net/bug.php?id=47836

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Apr 27 20:01:28 2025 UTC