zend_atoi/zend_atol cleanup

sgolemon · sgolemon · commit 5d0bcd8d0e97 · 2019-05-09T12:34:11.000-04:00
zend_ato[il]() don't just do number parsing.
They also check for a 'K', 'M', or 'G' at the end of the string,
and multiply the parsed value out accordingly.

Unfortunately, they ignore any other non-numerics between the
numeric component and the last character in the string.
This means that numbers such as the following are both valid
and non-intuitive in their final output.

* "123KMG" is interpreted as "123G" -&gt; 132070244352
* "123G " is interpreted as "123 " -&gt; 123
* "123GB" is interpreted as "123B" -&gt; 123
* "123 I like tacos." is also interpreted as "123." -&gt; 123

This diff primarily adds warnings for these cases when the output
would be a potentially unexpected, and unhelpful value.

Additionally, with these changes, zend_atoi() is no longer used in php-src,
but I left it as a valid API for 3rd party extensions.
Note that I did make it a proxy to zend_atol() since deferring the
truncation till the end is effectively the same as truncation during
multiplication, but this avoid code duplication.

I think we should consider removing zend_atoi() entirely (perhaps in 8.0?)
and rename zend_atol() to something reflecting it's KMG specific behavior.
diff --git a/Zend/tests/zend_atol.phpt b/Zend/tests/zend_atol.phpt
@@ -0,0 +1,193 @@
+--TEST--
+Test parsing of INI "size" values (e.g. "16M")
+--FILE--
+<?php
+
+// This test checks valid formats do not throw any warnings.
+foreach (['', ' '] as $leadingWS) {
+  foreach (['', '+', '-'] as $sign) {
+    foreach (['', ' '] as $midWS) {
+      foreach (['', 'K', 'k', 'M', 'm', 'G', 'g'] as $exp) {
+        foreach (['', ' '] as $trailingWS) {
+          $setting = sprintf('%s%s1%s%s%s',
+                             $leadingWS, $sign, $midWS, $exp, $trailingWS);
+          var_dump($setting);
+
+          // Technically, negative values don't make sense for socket timout,
+          // but it doesn't validate that so use it anyway.
+          ini_set('default_socket_timeout', $setting);
+        }
+      }
+    }
+  }
+}
+
+--EXPECT--
+string(1) "1"
+string(2) "1 "
+string(2) "1K"
+string(3) "1K "
+string(2) "1k"
+string(3) "1k "
+string(2) "1M"
+string(3) "1M "
+string(2) "1m"
+string(3) "1m "
+string(2) "1G"
+string(3) "1G "
+string(2) "1g"
+string(3) "1g "
+string(2) "1 "
+string(3) "1  "
+string(3) "1 K"
+string(4) "1 K "
+string(3) "1 k"
+string(4) "1 k "
+string(3) "1 M"
+string(4) "1 M "
+string(3) "1 m"
+string(4) "1 m "
+string(3) "1 G"
+string(4) "1 G "
+string(3) "1 g"
+string(4) "1 g "
+string(2) "+1"
+string(3) "+1 "
+string(3) "+1K"
+string(4) "+1K "
+string(3) "+1k"
+string(4) "+1k "
+string(3) "+1M"
+string(4) "+1M "
+string(3) "+1m"
+string(4) "+1m "
+string(3) "+1G"
+string(4) "+1G "
+string(3) "+1g"
+string(4) "+1g "
+string(3) "+1 "
+string(4) "+1  "
+string(4) "+1 K"
+string(5) "+1 K "
+string(4) "+1 k"
+string(5) "+1 k "
+string(4) "+1 M"
+string(5) "+1 M "
+string(4) "+1 m"
+string(5) "+1 m "
+string(4) "+1 G"
+string(5) "+1 G "
+string(4) "+1 g"
+string(5) "+1 g "
+string(2) "-1"
+string(3) "-1 "
+string(3) "-1K"
+string(4) "-1K "
+string(3) "-1k"
+string(4) "-1k "
+string(3) "-1M"
+string(4) "-1M "
+string(3) "-1m"
+string(4) "-1m "
+string(3) "-1G"
+string(4) "-1G "
+string(3) "-1g"
+string(4) "-1g "
+string(3) "-1 "
+string(4) "-1  "
+string(4) "-1 K"
+string(5) "-1 K "
+string(4) "-1 k"
+string(5) "-1 k "
+string(4) "-1 M"
+string(5) "-1 M "
+string(4) "-1 m"
+string(5) "-1 m "
+string(4) "-1 G"
+string(5) "-1 G "
+string(4) "-1 g"
+string(5) "-1 g "
+string(2) " 1"
+string(3) " 1 "
+string(3) " 1K"
+string(4) " 1K "
+string(3) " 1k"
+string(4) " 1k "
+string(3) " 1M"
+string(4) " 1M "
+string(3) " 1m"
+string(4) " 1m "
+string(3) " 1G"
+string(4) " 1G "
+string(3) " 1g"
+string(4) " 1g "
+string(3) " 1 "
+string(4) " 1  "
+string(4) " 1 K"
+string(5) " 1 K "
+string(4) " 1 k"
+string(5) " 1 k "
+string(4) " 1 M"
+string(5) " 1 M "
+string(4) " 1 m"
+string(5) " 1 m "
+string(4) " 1 G"
+string(5) " 1 G "
+string(4) " 1 g"
+string(5) " 1 g "
+string(3) " +1"
+string(4) " +1 "
+string(4) " +1K"
+string(5) " +1K "
+string(4) " +1k"
+string(5) " +1k "
+string(4) " +1M"
+string(5) " +1M "
+string(4) " +1m"
+string(5) " +1m "
+string(4) " +1G"
+string(5) " +1G "
+string(4) " +1g"
+string(5) " +1g "
+string(4) " +1 "
+string(5) " +1  "
+string(5) " +1 K"
+string(6) " +1 K "
+string(5) " +1 k"
+string(6) " +1 k "
+string(5) " +1 M"
+string(6) " +1 M "
+string(5) " +1 m"
+string(6) " +1 m "
+string(5) " +1 G"
+string(6) " +1 G "
+string(5) " +1 g"
+string(6) " +1 g "
+string(3) " -1"
+string(4) " -1 "
+string(4) " -1K"
+string(5) " -1K "
+string(4) " -1k"
+string(5) " -1k "
+string(4) " -1M"
+string(5) " -1M "
+string(4) " -1m"
+string(5) " -1m "
+string(4) " -1G"
+string(5) " -1G "
+string(4) " -1g"
+string(5) " -1g "
+string(4) " -1 "
+string(5) " -1  "
+string(5) " -1 K"
+string(6) " -1 K "
+string(5) " -1 k"
+string(6) " -1 k "
+string(5) " -1 M"
+string(6) " -1 M "
+string(5) " -1 m"
+string(6) " -1 m "
+string(5) " -1 G"
+string(6) " -1 G "
+string(5) " -1 g"
+string(6) " -1 g "
diff --git a/Zend/tests/zend_atol_error.phpt b/Zend/tests/zend_atol_error.phpt
@@ -0,0 +1,27 @@
+--TEST--
+Test parsing failures of INI "size" values (e.g. "16M")
+--FILE--
+<?php
+
+// This test checks invalid formats do throw warnings.
+
+$tests = [
+  'K',     # No digits
+  '1KM',   # Multiple multipliers.
+  '1X',    # Unknown multiplier.
+  '1.0K',  # Non integral digits.
+];
+
+foreach ($tests as $setting) {
+  ini_set('default_socket_timeout', $setting);
+}
+
+--EXPECTF--
+
+Warning: Invalid numeric string 'K', no valid leading digits, interpreting as '0' in %s/zend_atol_error.php on line %d
+
+Warning: Invalid numeric string '1KM', interpreting as '1M' in %s/zend_atol_error.php on line %d
+
+Warning: Invalid numeric string '1X', interpreting as '1' in %s/zend_atol_error.php on line %d
+
+Warning: Invalid numeric string '1.0K', interpreting as '1K' in %s/zend_atol_error.php on line %d
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
@@ -39,6 +39,8 @@ static _locale_t current_locale = NULL;
 #define zend_tolower(c) tolower(c)
 #endif
 
+#define ZEND_IS_WHITESPACE(c) (((c) == ' ') || ((c) == '\t') || ((c) == '\n') || ((c) == '\r') || ((c) == '\v') || ((c) == '\f'))
+
 #define TYPE_PAIR(t1,t2) (((t1) << 4) | (t2))
 
 static const unsigned char tolower_map[256] = {
@@ -80,56 +82,64 @@ static const unsigned char tolower_map[256] = {
 
 ZEND_API int ZEND_FASTCALL zend_atoi(const char *str, size_t str_len) /* {{{ */
 {
-	int retval;
-
-	if (!str_len) {
-		str_len = strlen(str);
-	}
-	retval = ZEND_STRTOL(str, NULL, 0);
-	if (str_len>0) {
-		switch (str[str_len-1]) {
-			case 'g':
-			case 'G':
-				retval *= 1024;
-				/* break intentionally missing */
-			case 'm':
-			case 'M':
-				retval *= 1024;
-				/* break intentionally missing */
-			case 'k':
-			case 'K':
-				retval *= 1024;
-				break;
-		}
-	}
-	return retval;
+	return (int)zend_atol(str, str_len);
 }
 /* }}} */
 
 ZEND_API zend_long ZEND_FASTCALL zend_atol(const char *str, size_t str_len) /* {{{ */
 {
 	zend_long retval;
+	char *end = NULL;
 
 	if (!str_len) {
 		str_len = strlen(str);
 	}
-	retval = ZEND_STRTOL(str, NULL, 0);
-	if (str_len>0) {
-		switch (str[str_len-1]) {
-			case 'g':
-			case 'G':
-				retval *= 1024;
-				/* break intentionally missing */
-			case 'm':
-			case 'M':
-				retval *= 1024;
-				/* break intentionally missing */
-			case 'k':
-			case 'K':
-				retval *= 1024;
-				break;
-		}
+
+	/* Ignore trailing whitespace */
+	while (str_len && ZEND_IS_WHITESPACE(str[str_len-1])) --str_len;
+	if (!str_len) return 0;
+
+	/* Parse integral portion */
+	retval = ZEND_STRTOL(str, &end, 0);
+
+	if (!(end - str)) {
+		zend_error(E_WARNING, "Invalid numeric string '%.*s', no valid leading digits, interpreting as '0'",
+						(int)str_len, str);
+		return 0;
 	}
+
+	/* Allow for whitespace between integer portion and any suffix character */
+	while (ZEND_IS_WHITESPACE(*end)) ++end;
+
+	/* No exponent suffix. */
+	if (!*end) return retval;
+
+	switch (str[str_len-1]) {
+		case 'g':
+		case 'G':
+			retval *= 1024;
+			/* break intentionally missing */
+		case 'm':
+		case 'M':
+			retval *= 1024;
+			/* break intentionally missing */
+		case 'k':
+		case 'K':
+			retval *= 1024;
+			break;
+		default:
+			/* Unknown suffix */
+			zend_error(E_WARNING, "Invalid numeric string '%.*s', interpreting as '%.*s'",
+						(int)str_len, str, (int)(end - str), str);
+			return retval;
+	}
+
+	if (end < (str + str_len - 1)) {
+		/* More than one character in suffix */
+		zend_error(E_WARNING, "Invalid numeric string '%.*s', interpreting as '%.*s%c'",
+						(int)str_len, str, (int)(end - str), str, str[str_len-1]);
+	}
+
 	return retval;
 }
 /* }}} */
@@ -3007,7 +3017,7 @@ ZEND_API zend_uchar ZEND_FASTCALL _is_numeric_string_ex(const char *str, size_t
 
 	/* Skip any whitespace
 	 * This is much faster than the isspace() function */
-	while (*str == ' ' || *str == '\t' || *str == '\n' || *str == '\r' || *str == '\v' || *str == '\f') {
+	while (ZEND_IS_WHITESPACE(*str)) {
 		str++;
 		length--;
 	}
