Merge branch 'PHP-7.1' into PHP-7.2

smalyshev · smalyshev · commit 5fbb0988d139 · 2018-06-04T22:51:38.000-07:00
* PHP-7.1:
  Fix bug #76390 - do not allow invalid strings in range()
diff --git a/ext/standard/array.c b/ext/standard/array.c
@@ -2769,10 +2769,18 @@ PHP_FUNCTION(range)
 	ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE);
 
 	if (zstep) {
-		if (Z_TYPE_P(zstep) == IS_DOUBLE ||
-			(Z_TYPE_P(zstep) == IS_STRING && is_numeric_string(Z_STRVAL_P(zstep), Z_STRLEN_P(zstep), NULL, NULL, 0) == IS_DOUBLE)
-		) {
+		if (Z_TYPE_P(zstep) == IS_DOUBLE) {
 			is_step_double = 1;
+		} else if (Z_TYPE_P(zstep) == IS_STRING) {
+			int type = is_numeric_string(Z_STRVAL_P(zstep), Z_STRLEN_P(zstep), NULL, NULL, 0);
+			if (type == IS_DOUBLE) {
+				is_step_double = 1;
+			}
+			if (type == 0) {
+				/* bad number */
+				php_error_docref(NULL, E_WARNING, "Invalid range string - must be numeric");
+				RETURN_FALSE;
+			}
 		}
 
 		step = zval_get_double(zstep);
@@ -2900,6 +2908,10 @@ PHP_FUNCTION(range)
 		}
 
 		lstep = step;
+		if (step <= 0) {
+			err = 1;
+			goto err;
+		}
 
 		Z_TYPE_INFO(tmp) = IS_LONG;
 		if (low > high) { 		/* Negative steps */
diff --git a/ext/standard/tests/array/range_errors.phpt b/ext/standard/tests/array/range_errors.phpt
@@ -27,6 +27,8 @@ var_dump( range(1) );  // No.of args < expected
 var_dump( range(1,2,3,4) );  // No.of args > expected
 var_dump( range(-1, -2, 2) );  
 var_dump( range("a", "j", "z") );
+var_dump( range(0, 1, "140962482048819216326.24") );
+var_dump( range(0, 1, "140962482048819216326.24.") );
 
 echo "\n-- Testing Invalid steps --";
 $step_arr = array( "string", NULL, FALSE, "", "\0" );
@@ -78,11 +80,17 @@ bool(false)
 Warning: range(): step exceeds the specified range in %s on line %d
 bool(false)
 
+Warning: range(): Invalid range string - must be numeric in %s on line %d
+bool(false)
+
 Warning: range(): step exceeds the specified range in %s on line %d
 bool(false)
 
+Warning: range(): Invalid range string - must be numeric in %s on line %d
+bool(false)
+
 -- Testing Invalid steps --
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
 bool(false)
 
 Warning: range(): step exceeds the specified range in %s on line %d
@@ -91,9 +99,9 @@ bool(false)
 Warning: range(): step exceeds the specified range in %s on line %d
 bool(false)
 
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
 bool(false)
 
-Warning: range(): step exceeds the specified range in %s on line %d
+Warning: range(): Invalid range string - must be numeric in %s on line %d
 bool(false)
 Done
