|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2018-08-15 03:33 UTC] a at b dot c dot de
[2018-08-15 09:18 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
[2018-08-15 09:18 UTC] cmb@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 20 12:01:28 2024 UTC |
Description: ------------ Isn't PHP supposed to convert string-integers to binary-integers internally whenever it needs to? I discovered serious calculation errors from AND, OR, and XOR bitwise operators when operating on certain small integers from data submitted from html forms by POST or GET. For example, 16 & 13 = 12, according to PHP, when these are from $_GET or $_POST. 16 & 13 = 0 when calculated from locally-assigned variables. See short demonstration script below. Miscalculations could create serious problems for PHP users if you're depending on correct answers. Discovered on php 7.2.7-0ubuntu0.18.04.2 and also tested on old php versions 4.3.2 and 5.0.4 with identical results. Functions + and - tested and work correctly. Seems to only affect bitwise operators. Please accept my profound apologies if I merely missed something in the fine PHP manual. I'm certain you can reproduce these results 100%. Thanks for reading this. Test script: --------------- <?php // calctest.php bit-wise calculator bug demonstration. PHP is supposed to // convert string integers to binary integers whenever it needs to, right? This // doesn't appear to be true for &, | and ^ (and, or, and xor). 8/14/2018. if (isset ($_GET['a'])) // same results if using $_POST variables $a = $_GET['a']; if (isset ($_GET['b'])) $b = $_GET['b']; if (!isset ($a) || !isset ($b)) { echo "invoke as calctest.php?a=29&b=11<br>\n"; echo "Use different small integers as desired<br>\n"; exit; } printf ("%d & %d = %d<br>\n", $a, $b, $a & $b); printf ("%d | %d = %d<br>\n", $a, $b, $a | $b); printf ("%d ^ %d = %d<br>\n", $a, $b, $a ^ $b); $c = intval ($a); // force converstion to binary and try again $d = intval ($b); printf ("<br>Real Answers:</br>\n"); printf ("%d & %d = %d<br>\n", $c, $d, $c & $d); printf ("%d | %d = %d<br>\n", $c, $d, $c | $d); printf ("%d ^ %d = %d<br>\n", $c, $d, $c ^ $d); ?> Expected result: ---------------- Correct results were expected. For example, calctest.php?a=16&b=13 16 & 13 = 12 (wrong) 16 | 13 = 17 (wrong) 16 ^ 13 = 0 (wrong) Real Answers: 16 & 13 = 0 (correct) 16 | 13 = 29 (correct) 16 ^ 13 = 29 (correct)