ini_parse_quantity() fails to parse inputs starting with 0x0b #16892

Open
plstand opened this issue Nov 21, 2024 · 2 comments

Comments

@plstand
Contributor

plstand commented Nov 21, 2024

Description

Since d229a48 (#11910), zend_ini_parse_quantity_internal() rejects inputs in which 0x/0o/0b is followed by whitespace, a sign, or 0x/0o/0b, in order to prevent inputs such as 0x0x12 from being accepted as valid (see #11876). Unfortunately, while 0x and 0o cannot follow a base prefix within valid input, 0b can start a valid hexadecimal number with one leading zero, and such inputs are no longer accepted.

As a suggested fix, zend_ini_consume_quantity() could be changed to not recognize "0b" or "0B", as ZEND_STRTOUL() should not recognize it (at least in the "C" locale). Better yet, do away with that function entirely and also fix #16886. Just check that a whitespace character, +, -, "0x", or "0X" does not immediately follow the base prefix (or check if the first two digits are valid for the base, or at least for hexadecimal). If the first digit is invalid, parsing should not continue (as is the case now), though if the second digit is invalid, the error should be reported as an unknown suffix (if last character) or as more than one character in suffix (if not last character) for consistency with how an invalid second digit is reported in the usual case.

The following code:

<?php
echo ini_parse_quantity('0x0b'), "\n";
echo ini_parse_quantity('-0x0B'), "\n";
echo ini_parse_quantity('0x0beef'), "\n";
echo ini_parse_quantity('-0x0BEEF'), "\n";

Resulted in this output:


Warning: Invalid quantity "0x0b": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 2
0

Warning: Invalid quantity "-0x0B": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 3
0

Warning: Invalid quantity "0x0beef": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 4
0

Warning: Invalid quantity "-0x0BEEF": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 5
0

But I expected this output instead:

11
-11
48879
-48879

PHP Version

PHP 8.5.0-dev

Operating System

No response
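The difference between the check described in the report and the one it suggests, as an added example that is not part of the original issue and not php-src code. It is a simplified model that assumes hexadecimal input only and no K/M/G suffix handling; the function names are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model for illustration, not php-src code: hex quantities only,
 * no K/M/G suffix handling. Function names are hypothetical. */

/* Check as the issue describes it since d229a48: after the base prefix,
 * reject whitespace, a sign, or anything shaped like 0x/0o/0b. */
static bool rejects_current(const char *p)
{
    if (isspace((unsigned char)p[0]) || p[0] == '+' || p[0] == '-') return true;
    return p[0] == '0' && p[1] != '\0' && strchr("xXoObB", p[1]) != NULL;
}

/* Check as the issue suggests: only reject what strtoul(..., 16) would
 * itself skip over (whitespace, a sign, a second "0x"/"0X"). */
static bool rejects_suggested(const char *p)
{
    if (isspace((unsigned char)p[0]) || p[0] == '+' || p[0] == '-') return true;
    return p[0] == '0' && (p[1] == 'x' || p[1] == 'X');
}

/* Parses [sign]0x<hex digits>; returns 0 when the input is rejected,
 * mirroring the "interpreting as 0" fallback in the warnings above. */
static long parse_hex_quantity(const char *s, bool (*rejects)(const char *))
{
    bool neg = false;
    char *end;
    if (*s == '+' || *s == '-') neg = (*s++ == '-');
    if (s[0] != '0' || (s[1] != 'x' && s[1] != 'X')) return 0;
    s += 2;
    if (rejects(s)) return 0;
    unsigned long v = strtoul(s, &end, 16);
    if (end == s || *end != '\0') return 0;
    return neg ? -(long)v : (long)v;
}

int main(void)
{
    /* Constructed inputs: the four from the issue plus the 0x0x12 case. */
    const char *in[] = { "0x0b", "-0x0B", "0x0beef", "-0x0BEEF", "0x0x12" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-10s current=%ld suggested=%ld\n", in[i],
               parse_hex_quantity(in[i], rejects_current),
               parse_hex_quantity(in[i], rejects_suggested));
    return 0;
}
```

Both checks still reject 0x0x12, which strtoul() with base 16 would otherwise read as 18 because it accepts an optional 0x prefix of its own.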

@cmb69
Member

cmb69 commented Nov 21, 2024

Yeah, that looks like an inadvertent behavioral change. @Girgias, thoughts?

@Girgias
Member

Girgias commented Nov 21, 2024

I agree this is an unintentional BC break. If someone is happy to "properly" implement a version of ZEND_STRTOUL() that accepts 0b, 0o, and 0x prefixes, that would be nice, as that would probably fix most issues across the codebase.
