Skip to content

Gh18976 #18977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Gh18976 #18977

wants to merge 1 commit into from

Conversation

devnexen
Copy link
Member

No description provided.

@devnexen devnexen linked an issue Jun 29, 2025 that may be closed by this pull request
Signed Integer Overflow in pack() #18976
Closed
nielsdos
nielsdos reviewed Jun 29, 2025
View reviewed changes
ext/standard/pack.c Outdated
efree(formatargs);
zend_value_error("Type %c: integer overflow in format string", code);
RETURN_THROWS();
}
INC_OUTPUTPOS((arg + (arg % 2)) / 2,1) /* 4 bit per arg */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another approach may be to compute arg/2 + arg%2 instead. I believe this does the same thing but can't overflow.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok that s more efficient.

@devnexen devnexen marked this pull request as ready for review June 29, 2025 13:30
@devnexen devnexen requested a review from bukka as a code owner June 29, 2025 13:30
nielsdos
nielsdos approved these changes Jun 29, 2025
View reviewed changes
ext/standard/tests/strings/gh18976.phpt Outdated
@@ -0,0 +1,14 @@
--TEST--
GH-18976 pack overflow wit h/H format
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
GH-18976 pack overflow wit h/H format
GH-18976 (pack overflow with h/H format)

nielsdos
nielsdos reviewed Jun 29, 2025
View reviewed changes
ext/standard/tests/strings/gh18976.phpt Outdated
@@ -0,0 +1,14 @@
--TEST--
GH-18976 (pack overflow wit h/H format)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still missing the h in with

@devnexen
Fix phpGH-18976: pack with h or H format string overflow.
3bd0630 
adding with its own remainder, INT_MAX overflows here (negative values are
discarded).

close phpGH-18977
@devnexen devnexen closed this in 865739e Jun 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nielsdos nielsdos nielsdos approved these changes

@bukka bukka Awaiting requested review from bukka bukka is a code owner

Assignees
No one assigned
Labels
Extension: standard
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Signed Integer Overflow in pack()
2 participants
@devnexen @nielsdos