php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #55393 base_convert makes negative numbers positive
Submitted: 2011-08-10 18:20 UTC Modified: 2021-09-21 12:00 UTC
Votes:8
Avg. Score:3.5 ± 1.2
Reproduced:6 of 6 (100.0%)
Same Version:1 (16.7%)
Same OS:3 (50.0%)
From: phpbugs at ch dot pkts dot ca Assigned: cmb (profile)
Status: Closed Package: Math related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2011-08-10 18:20 UTC] phpbugs at ch dot pkts dot ca 
Description:
------------
I'd created a fake email code fragment:
  e-mail: foo.<?php echo base_convert(time(),10,36).".".base_convert(ip2long($_SERVER['REMOTE_ADDR']),10,36) ?>@mydomain.com

However, long2ip(base_convert("cxcapb",36,10)) gave the wrong answer (should be 209.105.205.209, got 46.150.50.47)

It turns out that base_convert(...,10,36) should have returned -cxcapb instead of cxcapb, since ip2long("209.105.205.209") = -781595183 and ip2long("46.150.50.47") = 781595183.

At this point, I'm not sure if there's legions of programs that work around this bug and would be broken by a fix.

Test script:
---------------
$a=base_convert(-781595183,10,36);
if (base_convert($a,36,10) != -781595183) { echo "fail\n"; } else { echo "success\!"; }


Expected result:
----------------
success!

Actual result:
--------------
fail

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-14 18:32 UTC] ffeast at gmail dot com 
Hi

There's a simpler example:
php -r 'print(base_convert(-5, 10, 2));'
101

So '-' is omitted. 

$ php -v
PHP 5.5.9-1ubuntu4.4 (cli) (built: Sep  4 2014 06:57:30) 
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies

uname -a
Linux Oleg 3.13.0-34-generic #60-Ubuntu SMP Wed Aug 13 15:49:09 UTC 2014 i686 i686 i686 GNU/Linux


This is why it happens: 
https://github.com/php/php-src/blob/php-5.5.9/ext/standard/math.c#L869

any char except '0'..'9', 'a'..'z', 'A'..'Z' is simp
ly left out without warnings :-(
 [2018-02-28 20:00 UTC] cmb@php.net
-Package: Unknown/Other Function +Package: Math related
 [2019-07-11 20:22 UTC] Scott at exussum dot co dot uk 
This has been voted against and can be closed now https://wiki.php.net/rfc/base_convert_improvements

The 64 bit version of PHP will solve this issue
 [2021-09-21 12:00 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-09-21 12:00 UTC] cmb@php.net 
Indeed, there is a warning as of PHP 7.4.0[1], and it is clearly
documented that invalid characters are ignored[2].

[1] <https://3v4l.org/5jdrP>
[2] <https://www.php.net/manual/en/function.base-convert.php#refsect1-function.base-convert-parameters>
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Sat Feb 04 18:03:44 2023 UTC