php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75178 bcpowmod() misbehaves for non-integer base or modulus
Submitted: 2017-09-09 10:58 UTC Modified: 2017-09-09 11:02 UTC
From: cmb@php.net Assigned: cmb
Status: Closed Package: BC math related
PHP Version: 7.0.23 OS: *
Private report: No CVE-ID:
 [2017-09-09 10:58 UTC] cmb@php.net
Description:
------------
bcpowmod() accepts non-integral operands, writing a warning to
stderr (see bug #75169) and simply going on for non-integer base
and modulus, while a non-integer exponent is truncated. The
results appear to be nonsensical.

Since bcpowmod() is a simple wrapper for bc_raisemod() which
implements the so called right-to-left binary method for modular
exponentiation[1], the function is unsuitable for non-integral
operands, so the warnings are correct, but base and modulus would
have to be truncated as well.[2]

[1] <https://en.wikipedia.org/wiki/Modular_exponentiation#Right-to-left_binary_method>
[2] <https://github.com/php/php-src/blob/php-7.0.23/ext/bcmath/libbcmath/src/raisemod.c#L69>


Test script:
---------------
<?php
var_dump(bcpowmod('4.1', '4', '3', 3));
var_dump(bcpowmod('4', '4', '3.1', 3));


Expected result:
----------------
bc math warning: non-zero scale in base
string(5) "1.000"
bc math warning: non-zero scale in modulus
string(5) "1.000"


Actual result:
--------------
bc math warning: non-zero scale in base
string(5) "0.276"
bc math warning: non-zero scale in modulus
string(5) "0.250"


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-09-09 11:02 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2017-09-09 11:46 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=44eec946e8c6c830992572e15e4b63b4dd92abdf
Log: Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus)
 [2017-09-09 11:46 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC