Request #63510 Integer overflow with chr should be able to be detected
Submitted: 2012-11-14 09:36 UTC Modified: 2016-08-28 21:22 UTC
From: idokan at gmail dot com Assigned: yohgaki (profile)
Status: Assigned Package: Strings related
PHP Version: 5.4.8 OS:
Private report: No CVE-ID: None

 [2012-11-14 09:36 UTC] idokan at gmail dot com
The chr function translates a single Byte length integer into its ASCII value.
When providing a number bigger than 255, it returns the first byte instead of reporting an error about being out of range.

Test script:
echo chr(1000) . ' ' . ord(chr(1000)) . "\n";

Expected result:
chr must check the numeric boundaries and report an error when they are out of the range.

Actual result:
returns the first byte out of the result, making it appear like an integer overflow that the carry flag exception was captured.


 [2012-11-14 15:28 UTC]
I think this check could be done in the user script itself.

The document said:
chr converts *ascii* code .. so...
 [2012-11-14 15:36 UTC] idokan at gmail dot com
Huh ?!

ASCII is 0..127 chars, if they are out of range and also from extended ASCII (128..255), then you must report an error like with normal implementation such as Ruby, Python, Pascal, Perl (with strict bytes) etc...
Not to $value & 255 it.
 [2013-10-24 06:56 UTC]
-Assigned To: +Assigned To: yohgaki
 [2013-10-24 06:56 UTC]
-Status: Assigned +Status: Open
 [2015-02-03 06:52 UTC]
-Type: Bug +Type: Feature/Change Request
 [2016-07-01 19:49 UTC]
It seems to be appropriate to point out why this ticket had been
changed to feature request. :)

> Not to $value & 255 it.

Actually, the integer is simply cast to char and used as the first
and only byte of the returned string[1].

Of course, this behavior is questionable, but changing it would
cause a BC break, so it can't be done in a minor version or even a
patch release without a very good reason. Simply stating "you must
report an error like XYZ" is not a very good reason, in my
opinion. I'd rather fix the docs and maybe change the behavior in
the next major version.

[1] <>
 [2016-07-01 20:07 UTC]
Automatic comment from SVN on behalf of cmb
Log: Address #63510: Integer overflow with chr
 [2016-08-28 21:20 UTC]
-Summary: Integer overflow with chr +Summary: Integer overflow with chr should be able to be detected
 [2016-08-28 21:20 UTC]
Should we close this bug? I'm fine with documentation change. 

chr() may have strict option that detects overflow, also. 

string chr(long $code [, bool $strict=FALSE])
 [2016-08-28 21:22 UTC]
BTW, we'll have mb_chr()/mb_ord() from PHP 7.2

commit 087dcd9381c33057901dbe1ef89847d6fa87316d
Merge: 4a3188f 15e32fd
Author: Yasuo Ohgaki <>
Date:   Wed Aug 10 09:47:27 2016 +0900

    Request #65081 mb_chr() and mb_ord()
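
The range check that the first reply suggests doing in the user script, as an added example that is not part of the thread or of PHP itself. `chr_strict()` and `bytes_from_codes()` are hypothetical helper names, and the sample lists are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a PHP built-in): chr() with an explicit range check.
function chr_strict(int $code): string
{
    if ($code < 0 || $code > 255) {
        throw new RangeException("chr_strict(): $code is outside 0..255");
    }
    return chr($code);
}

// Build a byte string from integer codes; one bad code rejects the whole input,
// so no silently reduced byte ends up in the result.
function bytes_from_codes(array $codes): string
{
    $out = '';
    foreach ($codes as $i => $code) {
        if (!is_int($code)) {
            throw new InvalidArgumentException("element $i is not an integer");
        }
        $out .= chr_strict($code);
    }
    return $out;
}

// Constructed sample input; 1000 is the value used in the report's test script.
$samples = [
    [80, 72, 80],
    [0, 255],
    [80, 1000, 80],
    [-1],
];

foreach ($samples as $codes) {
    try {
        printf("%-14s -> %s\n", json_encode($codes), bin2hex(bytes_from_codes($codes)));
    } catch (RangeException $e) {
        printf("%-14s -> rejected: %s\n", json_encode($codes), $e->getMessage());
    }
}

// Built-in behaviour from the report, for comparison: the value is reduced to one byte.
printf("ord(chr(1000)) = %d, 1000 & 255 = %d\n", ord(chr(1000)), 1000 & 255);
```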