|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2021-08-17 12:36 UTC] nikic@php.net
-Type: Security
+Type: Bug
[2021-08-17 12:39 UTC] nikic@php.net
-Status: Open
+Status: Feedback
[2021-08-17 12:39 UTC] nikic@php.net
[2021-08-17 13:00 UTC] yguoaz at gmail dot com
-Status: Feedback
+Status: Open
[2021-08-17 13:00 UTC] yguoaz at gmail dot com
[2021-08-17 13:06 UTC] nikic@php.net
-Status: Open
+Status: Feedback
[2021-08-17 13:06 UTC] nikic@php.net
[2021-08-17 13:09 UTC] yguoaz at gmail dot com
-Status: Feedback
+Status: Open
[2021-08-17 13:09 UTC] yguoaz at gmail dot com
[2021-08-17 13:15 UTC] nikic@php.net
-Status: Open
+Status: Not a bug
[2021-08-17 13:15 UTC] nikic@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Oct 28 09:00:01 2025 UTC |
Description: ------------ In the file Zend/Optimizer/zend_inference.c, the function zend_inference_calc_binary_op_range has the following code: case ZEND_DIV: if (OP1_HAS_RANGE() && OP2_HAS_RANGE()) { op1_min = OP1_MIN_RANGE(); op2_min = OP2_MIN_RANGE(); op1_max = OP1_MAX_RANGE(); op2_max = OP2_MAX_RANGE(); if (op2_min <= 0 && op2_max >= 0) { break; } float_div(op1_min, op2_min, &t1, &t1_); float_div(op1_min, op2_max, &t2, &t2_); float_div(op1_max, op2_min, &t3, &t3_); float_div(op1_max, op2_max, &t4, &t4_); The function float_div uses its second argument as a divisor. If only one of the variables from op2_min and op2_max is zero, the checking can be bypassed and will lead to a divide by zero problem. Here is the link to the related code in github: https://github.com/php/php-src/blob/be2df43b08cf13b9a5791ff5eb827a125115ef52/Zend/Optimizer/zend_inference.c#L674