Bug #75164 split_bc_num() is pointless
Submitted: 2017-09-06 12:17 UTC Modified: 2017-09-18 13:25 UTC
From: cmb@php.net Assigned: cmb
Status: Closed Package: BC math related
PHP Version: 7.0.23 OS: *
Private report: No CVE-ID:
 [2017-09-06 12:17 UTC] cmb@php.net
Description:
------------
The fix for bug #72093 introduced split_bc_num(), but this
function appears to be pointless, because it returns its input if
the refcount is greater than or equal to 1[1] (what's most likely
always true).

Even if the split would be done if the refcount is greater than 1,
it appears that the shallow copy[2] would not be sufficient
anyway, since bc_struct holds pointers to strings[3] which would
still be shared.

I have not been able to come up with a test case showing the
assumed misbehavior. Actually, all tests still pass (even with
valgrind enabled), if the function's body is changed to always
return num.

[1] <https://github.com/php/php-src/blob/php-7.2.0RC1/ext/bcmath/bcmath.c#L214-L216>
[2] <https://github.com/php/php-src/blob/php-7.2.0RC1/ext/bcmath/bcmath.c#L218>
[3] <https://github.com/php/php-src/blob/php-7.2.0RC1/ext/bcmath/libbcmath/src/bcmath.h#L46-L52>
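
The two points of the report, shown as an added C example that is not php-src code: `num` and the `split_*` helpers are hypothetical, simplified stand-ins for bc_struct and split_bc_num(), assumed only to have a refcount and a pointer to separately allocated digits.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for bc_struct (not the real layout). */
typedef struct num { int refs; int len; char *digits; } num;

static num *num_new(const char *digits, int len) {
    num *n = malloc(sizeof *n);
    n->refs = 1; n->len = len;
    n->digits = malloc((size_t)len);
    memcpy(n->digits, digits, (size_t)len);
    return n;
}

/* Struct-only copy: the digits pointer is copied, not the buffer. */
static num *copy_shallow(const num *n) {
    num *c = malloc(sizeof *c);
    *c = *n;
    c->refs = 1;
    return c;
}

/* Guard as quoted in the report: a live number always has refs >= 1. */
static num *split_reported(num *n) {
    if (n->refs >= 1) return n;          /* always taken */
    return copy_shallow(n);              /* never reached */
}

/* Guard changed to refs > 1, copy still shallow. */
static num *split_shallow(num *n) {
    if (n->refs <= 1) return n;
    n->refs--;
    return copy_shallow(n);
}

/* Guard refs > 1, with the digit buffer duplicated as well. */
static num *split_deep(num *n) {
    if (n->refs <= 1) return n;
    n->refs--;
    return num_new(n->digits, n->len);
}

int main(void) {
    num *a = num_new("123", 3);          /* constructed sample value */
    a->refs = 2;                         /* simulate a second holder */
    num *s = split_shallow(a);
    s->digits[0] = '9';                  /* write through the "copy" */
    printf("%d %c\n", split_reported(a) == a, a->digits[0]);
}
```

With the shallow variant, the write through `s` is visible in `a` because both structs point at the same buffer, and freeing both would release that buffer twice; only `split_deep()` yields independent storage.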


 [2017-09-18 13:25 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb