array operator [] inconsistency when the array has PHP_INT_MAX index value
| Bug #47836 | array operator [] inconsistency when the array has PHP_INT_MAX index value | ||||
|---|---|---|---|---|---|
| Submitted: | 2009-03-30 07:40 UTC | Modified: | 2009-06-07 19:32 UTC | ||
| From: | for-bugs at hnw dot jp | Assigned: | |||
| Status: | Closed | Package: | Scripting Engine problem | ||
| PHP Version: | 5.2.9 | OS: | * | ||
| Private report: | No | CVE-ID: | None | ||
[2009-03-30 07:40 UTC] for-bugs at hnw dot jp
Description:
------------
The behavior of operator [] to the array is sometimes strange or hard to describe the specification. For instance, the array which has two index, 2147483647 and -2147483648 on 32bit environment gets strange results. See below example:
Reproduce code:
---------------
<?php
$array=array();
$array[-2147483648]=2;
$array[2147483647]=1;
$array[]=3;
var_dump($array);
$array=array();
$array[2147483647]=1;
$array[-2147483648]=2;
$array[]=3;
var_dump($array);
Expected result:
----------------
It should be same behavior. I think, the substitution to $array[] shuold be both failed for this case.
Actual result:
--------------
PHP Warning: Cannot add element to the array as the next element is already occupied in ./array-maxint-test.php on line 5
array(2) {
[-2147483648]=>
int(2)
[2147483647]=>
int(1)
}
array(3) {
[2147483647]=>
int(1)
[-2147483648]=>
int(2)
[-2147483647]=>
int(3)
}
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2009-03-30 11:00 UTC] mattwil@php.net
Untested, but it seems like this would give the expected result. In zend_hash.c:_zend_hash_index_update_or_next_insert(), change the check from if ((long)h >= (long)ht->nNextFreeElement) { ht->nNextFreeElement = h + 1; } to if (h >= ht->nNextFreeElement && h < LONG_MAX) { ht->nNextFreeElement = h + 1; }[2009-06-07 19:32 UTC] mattwil@php.net