php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75806 version_compare does strange things with string starting with "p"
Submitted: 2018-01-12 00:21 UTC Modified: 2018-01-13 18:33 UTC
From: ksours at internetbrands dot com Assigned:
Status: Re-Opened Package: PHP options/info functions
PHP Version: 7.0.27 OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-01-12 00:21 UTC] ksours at internetbrands dot com
Description:
------------
version_compare appears to treat any string starting with p at the pl=p level when doing comparisons, which is contrary to the documented behavior

Test script:
---------------
echo version_compare('1.0.0', '1.0.0ptotalgarbage');

Expected result:
----------------
1

Actual result:
--------------
-1

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-01-12 22:24 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Package: *General Issues +Package: PHP options/info functions -Assigned To: +Assigned To: cmb
 [2018-01-12 22:24 UTC] cmb@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

'1.0.0ptotalgarbage' is treated as '1.0.0.p.…', which is higher
than '1.0.0'.
 [2018-01-12 22:46 UTC] ksours at internetbrands dot com
This behavior is entirely unclear from the documentation, which I read in detail before reporting and again just now.  

It appears that the strings in the comparison list are treated as separate "parts" even if then occur within a larger non numeric string, but this is not mentioned anywhere and not clear.  Especially since it explicitly states that unrecognized strings in the version are handled: "any string not found in this list"

Actually poking it further there is some really unintuitive and undocumented behavior in how longer strings that contain the "known" version parts get interpreted in general:

version_compare('1.0.0xdev', '1.0.0xxxdevxxx'); // returns 0
version_compare('1.0.0xdev', '1.0.0xxxdev-xxx'); // returns 1

If this isn't a bug, then the documentation is inadequate.
 [2018-01-13 18:33 UTC] cmb@php.net
-Status: Not a bug +Status: Re-Opened -Assigned To: cmb +Assigned To:
 [2018-01-13 18:33 UTC] cmb@php.net
> '1.0.0ptotalgarbage' is treated as '1.0.0.p.…', […]

That's not correct.  Actually, it is treated as
'1.0.0.ptotalgarbage'.

> "any string not found in this list"

The current implementation does not check the full strings, but
rather the beginning of the string only.  In this case, it sees
'p' and totally ignores 'totalgarbage'.  Frankly, I don't know
whether it is supposed to work this way.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Tue Oct 16 20:01:27 2018 UTC