php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61740 base_convert skips over out-of-range or unknown characters
Submitted: 2012-04-15 21:44 UTC Modified: 2019-07-11 20:34 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: hholzgra@php.net Assigned: nikic (profile)
Status: Closed Package: Math related
PHP Version: master-Git-2012-04-15 (Git) OS: linux
Private report: No CVE-ID: None
View Developer Edit
 [2012-04-15 21:44 UTC] hholzgra@php.net 
Description:
------------
e.g. base_convert(101,10,10) and base_convert(10.1,10,10) return the same result as the decimal dot character is simply ignored/skipped over
(found in the user notes on base_convert() in the manual)

Test script:
---------------
echo base_convert("10@23",10,10);

Expected result:
----------------
10 // or an error

Actual result:
--------------
1023

Patches

base-convert-notice (last revision 2016-06-30 12:10 UTC by cmb@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-06-30 11:35 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2016-06-30 11:35 UTC] cmb@php.net 
Confirmed: <https://3v4l.org/kqOBk>. Apparently, *any* invalid
characters in $number are silently ignored.
 [2016-06-30 11:43 UTC] cmb@php.net 
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=339532
Log: Address #61740: base_convert skips over out-of-range or unknown characters
 [2016-06-30 12:10 UTC] cmb@php.net 
The following patch has been added/updated:

Patch Name: base-convert-notice
Revision:   1467288606
URL:        https://bugs.php.net/patch-display.php?bug=61740&patch=base-convert-notice&revision=1467288606
 [2016-06-30 12:12 UTC] cmb@php.net 
While fixing this issue is trivial (for instance, the attached
patch base-convert-notice would raise E_NOTICE, but continue
processing), it would cause BC break: I got 9 failing PHPTs and
maybe even worse, _php_math_basetozval() is declared as PHP_API.
 [2019-07-11 20:23 UTC] Scott at exussum dot co dot uk 
This has been fixed in PHP 7.4
 [2019-07-11 20:34 UTC] nikic@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: nikic
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Nov 25 22:01:31 2024 UTC