PHP :: Bug #67247 :: spl_fixedarray_resize integer overflow
[2014-05-12 00:46 UTC] stas@php.net
Description: ------------ SplFixedArray does not check given parameters for integer overflows when resizing. Test script: --------------- $ar = new SplFixedArray(1); echo "size: ".$ar->getSize()."\n"; $ar->setSize(0x2000000000000001); // or 0x40000001 for 32 bit echo "size: ".$ar->getSize()."\n"; Expected result: ---------------- Integer overflow error Actual result: -------------- Can crash or produce valgrind error
[2014-05-12 01:58 UTC] stas@php.net
-Status: Open +Status: Closed