MFH:

Matt Wilmas · Matt Wilmas · commit b907aa43311a · 2009-06-04T18:20:45.000Z
Restored double-&gt;long conversion behavior to that of PHP 5.2 (on most platforms) and prior:
 * Out-of-range numbers overflow/preserve least significant bits (no LONG_MAX/MIN limit)
 * See bug #42868 (presumably-rare platform with different results in 5.2)
 * On 32-bit platforms with 64-bit long type, a zend_long64 cast has been added,
    otherwise it's the same as 5.2
 * Use this conversion method everywhere instead of some plain (long) casts

Added 'L' parameter parsing specifier to ensure a LONG_MAX/MIN limit:
 * Essentially what 5.3's new conversion was doing in most cases
 * Functions with "limit" or "length" type params could be updated to use this,
    and prevent confusing overflow behavior with huge numbers (*also* in 5.2)
  - See bug #47854, for example; or even #42868 again

# Test updates coming
diff --git a/README.PARAMETER_PARSING_API b/README.PARAMETER_PARSING_API
@@ -48,6 +48,7 @@ Type specifiers
  h  - array (returned as HashTable*)
  H  - array or HASH_OF(object) (returned as HashTable*)
  l  - long (long)
+ L  - long, limits out-of-range numbers to LONG_MAX/LONG_MIN (long)
  o  - object of any type (zval*)
  O  - object of specific type given by class entry (zval*, zend_class_entry)
  r  - resource (zval*)
diff --git a/Zend/Zend.m4 b/Zend/Zend.m4
@@ -117,6 +117,38 @@ AC_CHECK_FUNCS(finite isfinite isinf isnan)
 ZEND_FP_EXCEPT
 
 ZEND_CHECK_FLOAT_PRECISION
+
+dnl test whether double cast to long preserves least significant bits
+AC_MSG_CHECKING(whether double cast to long preserves least significant bits)
+
+AC_TRY_RUN([
+#include <limits.h>
+
+int main()
+{
+	if (sizeof(long) == 4) {
+		double d = (double) LONG_MIN * LONG_MIN + 2e9;
+
+		if ((long) d == 2e9 && (long) -d == -2e9) {
+			exit(0);
+		}
+	} else if (sizeof(long) == 8) {
+		double correct = 18e18 - ((double) LONG_MIN * -2); /* Subtract ULONG_MAX + 1 */
+
+		if ((long) 18e18 == correct) { /* On 64-bit, only check between LONG_MAX and ULONG_MAX */
+			exit(0);
+		}
+	}
+	exit(1);
+}
+], [
+  AC_DEFINE([ZEND_DVAL_TO_LVAL_CAST_OK], 1, [Define if double cast to long preserves least significant bits])
+  AC_MSG_RESULT(yes)
+], [
+  AC_MSG_RESULT(no)
+], [
+  AC_MSG_RESULT(no)
+])
 	
 ])
 
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
@@ -313,6 +313,7 @@ static char *zend_parse_arg_impl(int arg_num, zval **arg, va_list *va, char **sp
 
 	switch (c) {
 		case 'l':
+		case 'L':
 			{
 				long *p = va_arg(*va, long *);
 				switch (Z_TYPE_PP(arg)) {
@@ -324,14 +325,33 @@ static char *zend_parse_arg_impl(int arg_num, zval **arg, va_list *va, char **sp
 							if ((type = is_numeric_string(Z_STRVAL_PP(arg), Z_STRLEN_PP(arg), p, &d, -1)) == 0) {
 								return "long";
 							} else if (type == IS_DOUBLE) {
-								*p = (long) d;
+								if (c == 'L') {
+									if (d > LONG_MAX) {
+										*p = LONG_MAX;
+										break;
+									} else if (d < LONG_MIN) {
+										*p = LONG_MIN;
+										break;
+									}
+								}
+
+								*p = zend_dval_to_lval(d);
 							}
 						}
 						break;
 
+					case IS_DOUBLE:
+						if (c == 'L') {
+							if (Z_DVAL_PP(arg) > LONG_MAX) {
+								*p = LONG_MAX;
+								break;
+							} else if (Z_DVAL_PP(arg) < LONG_MIN) {
+								*p = LONG_MIN;
+								break;
+							}
+						}
 					case IS_NULL:
 					case IS_LONG:
-					case IS_DOUBLE:
 					case IS_BOOL:
 						convert_to_long_ex(arg);
 						*p = Z_LVAL_PP(arg);
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
@@ -3997,7 +3997,6 @@ void zend_do_add_static_array_element(znode *result, znode *offset, const znode
 	ALLOC_ZVAL(element);
 	*element = expr->u.constant;
 	if (offset) {
-		long l;
 		switch (offset->u.constant.type & IS_CONSTANT_TYPE_MASK) {
 			case IS_CONSTANT:
 				/* Ugly hack to denote that this value has a constant index */
@@ -4020,8 +4019,7 @@ void zend_do_add_static_array_element(znode *result, znode *offset, const znode
 				zend_hash_index_update(Z_ARRVAL(result->u.constant), Z_LVAL(offset->u.constant), &element, sizeof(zval *), NULL);
 				break;
 			case IS_DOUBLE:
-				DVAL_TO_LVAL(Z_DVAL(offset->u.constant), l);
-				zend_hash_index_update(Z_ARRVAL(result->u.constant), l, &element, sizeof(zval *), NULL);
+				zend_hash_index_update(Z_ARRVAL(result->u.constant), zend_dval_to_lval(Z_DVAL(offset->u.constant)), &element, sizeof(zval *), NULL);
 				break;
 			case IS_CONSTANT_ARRAY:
 				zend_error(E_ERROR, "Illegal offset type");
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
@@ -823,10 +823,9 @@ static inline zval **zend_fetch_dimension_address_inner(HashTable *ht, const zva
 				}
 			}
 			break;
-		case IS_DOUBLE: {
-			DVAL_TO_LVAL(Z_DVAL_P(dim), index);
+		case IS_DOUBLE:
+			index = zend_dval_to_lval(Z_DVAL_P(dim));
 			goto num_index;
-		}
 		case IS_RESOURCE:
 			zend_error(E_STRICT, "Resource ID#%ld used as offset, casting to integer (%ld)", Z_LVAL_P(dim), Z_LVAL_P(dim));
 			/* Fall Through */
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
@@ -662,7 +662,7 @@ ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *sco
 					ret = zend_hash_update_current_key_ex(Z_ARRVAL_P(p), HASH_KEY_IS_LONG, NULL, 0, Z_LVAL(const_value), HASH_UPDATE_KEY_IF_BEFORE, NULL);
 					break;
 				case IS_DOUBLE:
-					ret = zend_hash_update_current_key_ex(Z_ARRVAL_P(p), HASH_KEY_IS_LONG, NULL, 0, (long)Z_DVAL(const_value), HASH_UPDATE_KEY_IF_BEFORE, NULL);
+					ret = zend_hash_update_current_key_ex(Z_ARRVAL_P(p), HASH_KEY_IS_LONG, NULL, 0, zend_dval_to_lval(Z_DVAL(const_value)), HASH_UPDATE_KEY_IF_BEFORE, NULL);
 					break;
 				case IS_NULL:
 					ret = zend_hash_update_current_key_ex(Z_ARRVAL_P(p), HASH_KEY_IS_STRING, "", 1, 0, HASH_UPDATE_KEY_IF_BEFORE, NULL);
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
@@ -225,7 +225,7 @@ ZEND_API void convert_scalar_to_number(zval *op TSRMLS_DC) /* {{{ */
 				Z_LVAL(holder) = 0;									\
 				break;												\
 			case IS_DOUBLE:											\
-				DVAL_TO_LVAL(Z_DVAL_P(op), Z_LVAL(holder));			\
+				Z_LVAL(holder) = zend_dval_to_lval(Z_DVAL_P(op));	\
 				break;												\
 			case IS_STRING:											\
 				Z_LVAL(holder) = strtol(Z_STRVAL_P(op), NULL, 10);	\
@@ -349,7 +349,7 @@ ZEND_API void convert_to_long_base(zval *op, int base) /* {{{ */
 		case IS_LONG:
 			break;
 		case IS_DOUBLE:
-			DVAL_TO_LVAL(Z_DVAL_P(op), Z_LVAL_P(op));
+			Z_LVAL_P(op) = zend_dval_to_lval(Z_DVAL_P(op));
 			break;
 		case IS_STRING:
 			{
@@ -1017,7 +1017,7 @@ ZEND_API int bitwise_not_function(zval *result, zval *op1 TSRMLS_DC) /* {{{ */
 		ZVAL_LONG(result, ~Z_LVAL_P(op1));
 		return SUCCESS;
 	} else if (Z_TYPE_P(op1) == IS_DOUBLE) {
-		ZVAL_LONG(result, ~(long) Z_DVAL_P(op1));
+		ZVAL_LONG(result, ~zend_dval_to_lval(Z_DVAL_P(op1)));
 		return SUCCESS;
 	} else if (Z_TYPE_P(op1) == IS_STRING) {
 		int i;
diff --git a/Zend/zend_operators.h b/Zend/zend_operators.h
@@ -63,39 +63,24 @@ ZEND_API zend_bool instanceof_function_ex(const zend_class_entry *instance_ce, c
 ZEND_API zend_bool instanceof_function(const zend_class_entry *instance_ce, const zend_class_entry *ce TSRMLS_DC);
 END_EXTERN_C()
 
-/* {{{ DVAL_TO_LVAL */
-#define MAX_UNSIGNED_INT ((double) LONG_MAX * 2) + 1
-#ifdef _WIN64
-# define DVAL_TO_LVAL(d, l) \
-	if ((d) > LONG_MAX) { \
-		(l) = (long)(unsigned long)(__int64) (d); \
-	} else { \
-		(l) = (long) (d); \
-	}
-#elif !defined(_WIN64) && __WORDSIZE == 64
-# define DVAL_TO_LVAL(d, l) \
-	if ((d) >= LONG_MAX) { \
-		(l) = LONG_MAX; \
-	} else if ((d) <= LONG_MIN) { \
-		(l) = LONG_MIN; \
-	} else { \
-		(l) = (long) (d); \
+#if ZEND_DVAL_TO_LVAL_CAST_OK
+# define zend_dval_to_lval(d) ((long) (d))
+#elif SIZEOF_LONG == 4 && defined(HAVE_ZEND_LONG64)
+static zend_always_inline long zend_dval_to_lval(double d)
+{
+	if (d > LONG_MAX || d < LONG_MIN) {
+		return (long)(unsigned long)(zend_long64) d;
 	}
+	return (long) d;
+}
 #else
-# define DVAL_TO_LVAL(d, l) \
-	if ((d) > LONG_MAX) { \
-		if ((d) > MAX_UNSIGNED_INT) { \
-			(l) = LONG_MAX; \
-		} else { \
-			(l) = (unsigned long) (d); \
-		} \
-	} else { \
-		if((d) < LONG_MIN) { \
-			(l) = LONG_MIN; \
-		} else { \
-			(l) = (long) (d); \
-		} \
+static zend_always_inline long zend_dval_to_lval(double d)
+{
+	if (d > LONG_MAX) {
+		return (long)(unsigned long) d;
 	}
+	return (long) d;
+}
 #endif
 /* }}} */
 
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
@@ -3085,11 +3085,9 @@ ZEND_VM_HANDLER(72, ZEND_ADD_ARRAY_ELEMENT, CONST|TMP|VAR|CV, CONST|TMP|VAR|UNUS
 		}
 	}
 	if (offset) {
-	  	long l;
 		switch (Z_TYPE_P(offset)) {
 			case IS_DOUBLE:
-			  	DVAL_TO_LVAL(Z_DVAL_P(offset), l);
-				zend_hash_index_update(Z_ARRVAL_P(array_ptr), l, &expr_ptr, sizeof(zval *), NULL);
+				zend_hash_index_update(Z_ARRVAL_P(array_ptr), zend_dval_to_lval(Z_DVAL_P(offset)), &expr_ptr, sizeof(zval *), NULL);
 				break;
 			case IS_LONG:
 			case IS_BOOL:
@@ -3408,7 +3406,6 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
 	zend_free_op free_op1, free_op2;
 	zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET);
 	zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
-	long index;
 
 	if (OP1_TYPE != IS_VAR || container) {
 		if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
@@ -3420,14 +3417,12 @@ ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
 
 				switch (Z_TYPE_P(offset)) {
 					case IS_DOUBLE:
-						index = (long) Z_DVAL_P(offset);
-						zend_hash_index_del(ht, index);
+						zend_hash_index_del(ht, zend_dval_to_lval(Z_DVAL_P(offset)));
 						break;
 					case IS_RESOURCE:
 					case IS_BOOL:
 					case IS_LONG:
-						index = Z_LVAL_P(offset);
-						zend_hash_index_del(ht, index);
+						zend_hash_index_del(ht, Z_LVAL_P(offset));
 						break;
 					case IS_STRING:
 						if (OP2_TYPE == IS_CV || OP2_TYPE == IS_VAR) {
@@ -3907,7 +3902,6 @@ ZEND_VM_HELPER_EX(zend_isset_isempty_dim_prop_obj_handler, VAR|UNUSED|CV, CONST|
 	zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_IS);
 	zval **value = NULL;
 	int result = 0;
-	long index;
 
 	if (OP1_TYPE != IS_VAR || container) {
 		zend_free_op free_op2;
@@ -3921,16 +3915,14 @@ ZEND_VM_HELPER_EX(zend_isset_isempty_dim_prop_obj_handler, VAR|UNUSED|CV, CONST|
 
 			switch (Z_TYPE_P(offset)) {
 				case IS_DOUBLE:
-					index = (long) Z_DVAL_P(offset);
-					if (zend_hash_index_find(ht, index, (void **) &value) == SUCCESS) {
+					if (zend_hash_index_find(ht, zend_dval_to_lval(Z_DVAL_P(offset)), (void **) &value) == SUCCESS) {
 						isset = 1;
 					}
 					break;
 				case IS_RESOURCE:
 				case IS_BOOL:
 				case IS_LONG:
-					index = Z_LVAL_P(offset);
-					if (zend_hash_index_find(ht, index, (void **) &value) == SUCCESS) {
+					if (zend_hash_index_find(ht, Z_LVAL_P(offset), (void **) &value) == SUCCESS) {
 						isset = 1;
 					}
 					break;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
diff --git a/win32/build/config.w32 b/win32/build/config.w32

Original file line number	Diff line number	Diff line change
`@@ -823,10 +823,9 @@ static inline zval *zend_fetch_dimension_address_inner(HashTable ht, const zva`
`823`	`823`	`}`
`824`	`824`	`}`
`825`	`825`	`break;`
`826`		`- case IS_DOUBLE: {`
`827`		`- DVAL_TO_LVAL(Z_DVAL_P(dim), index);`
	`826`	`+ case IS_DOUBLE:`
	`827`	`+ index = zend_dval_to_lval(Z_DVAL_P(dim));`
`828`	`828`	`goto num_index;`
`829`		`- }`
`830`	`829`	`case IS_RESOURCE:`
`831`	`830`	`zend_error(E_STRICT, "Resource ID#%ld used as offset, casting to integer (%ld)", Z_LVAL_P(dim), Z_LVAL_P(dim));`
`832`	`831`	`/* Fall Through */`