
Commit 9fcacc9

committed
Considering the 32-bit environment regarding the overflow of the resulting scale.
1 parent 9c59787 commit 9fcacc9


1 file changed

+10
-4
lines changed


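--- a/ext/bcmath/bcmath.c
+++ b/ext/bcmath/bcmath.c
@@ -798,6 +798,12 @@ static zend_object_handlers bcmath_number_obj_handlers;
 static zend_result bcmath_number_do_operation(uint8_t opcode, zval *ret_val, zval *op1, zval *op2);
 static int bcmath_number_compare(zval *op1, zval *op2);
 
+#if SIZEOF_SIZE_T >= 8
+# define CHECK_RET_SCALE_OVERFLOW(scale, origin_scale) (scale > INT_MAX)
+#else
+# define CHECK_RET_SCALE_OVERFLOW(scale, origin_scale) (scale > INT_MAX || scale < origin_scale)
+#endif
+
 static zend_always_inline bcmath_number_obj_t *get_bcmath_number_from_obj(const zend_object *obj)
 {
 return (bcmath_number_obj_t*)((char*)(obj) - XtOffsetOf(bcmath_number_obj_t, std));
@@ -984,7 +990,7 @@ static zend_always_inline zend_result bcmath_number_mul_internal(
 ) {
 if (auto_scale) {
 *scale = n1_full_scale + n2_full_scale;
-if (UNEXPECTED(*scale > INT_MAX)) {
+if (UNEXPECTED(CHECK_RET_SCALE_OVERFLOW(*scale, n1_full_scale))) {
 zend_value_error("scale of the result is too large");
 return FAILURE;
 }
@@ -1001,7 +1007,7 @@ static zend_always_inline zend_result bcmath_number_div_internal(
 ) {
 if (auto_scale) {
 *scale = n1_full_scale + BC_MATH_NUMBER_EXPAND_SCALE;
-if (UNEXPECTED(*scale > INT_MAX)) {
+if (UNEXPECTED(CHECK_RET_SCALE_OVERFLOW(*scale, n1_full_scale))) {
 zend_value_error("scale of the result is too large");
 return FAILURE;
 }
@@ -1058,7 +1064,7 @@ static zend_always_inline zend_result bcmath_number_pow_internal(
 }
 } else if (exponent < 0) {
 *scale = n1_full_scale + BC_MATH_NUMBER_EXPAND_SCALE;
-if (UNEXPECTED(*scale > INT_MAX)) {
+if (UNEXPECTED(CHECK_RET_SCALE_OVERFLOW(*scale, n1_full_scale))) {
 zend_value_error("scale of the result is too large");
 return FAILURE;
 }
@@ -1574,7 +1580,7 @@ PHP_METHOD(BcMath_Number, sqrt)
 size_t scale;
 if (scale_is_null) {
 scale = intern->scale + BC_MATH_NUMBER_EXPAND_SCALE;
-if (UNEXPECTED(scale > INT_MAX)) {
+if (UNEXPECTED(CHECK_RET_SCALE_OVERFLOW(scale, intern->scale))) {
 zend_value_error("scale of the result is too large");
 RETURN_THROWS();
 }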
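Review bot: The new `CHECK_RET_SCALE_OVERFLOW` macro in the first hunk expands its arguments without parentheses and omits the wraparound comparison when `SIZEOF_SIZE_T >= 8`. The 64-bit path is therefore only correct if the operands are bounded somewhere else, which none of these hunks show. Assuming the operands are `size_t`, `scale < origin_scale` is a valid and cheap wrap test for the unsigned sum at any width, so one unconditional definition would remove the `#if` split and the hidden assumption: `#define CHECK_RET_SCALE_OVERFLOW(scale, origin_scale) ((scale) > INT_MAX || (scale) < (origin_scale))`. A short comment above it, such as `/* true when the size_t sum exceeds INT_MAX or wrapped past SIZE_MAX */`, would explain why the second argument exists. The four call sites (the mul, div and pow internals and `sqrt`) are inside functions whose bodies begin and end outside the hunks, so how the accepted scale is consumed afterwards cannot be checked from here.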
