ini_parse_quantity() fails to parse inputs starting with 0x0b

[plstand]

Description

Since d229a48 (#11910), zend_ini_parse_quantity_internal() rejects inputs in which 0x/0o/0b is followed by whitespace, a sign, or 0x/0o/0b, in order to prevent inputs such as 0x0x12 from being accepted as valid (see #11876). Unfortunately, while 0x and 0o cannot follow a base prefix within valid input, 0b can start a valid hexadecimal number with one leading zero, and such inputs are no longer accepted.

As a suggested fix, zend_ini_consume_quantity() could be changed to not recognize "0b" or "0B", as ZEND_STRTOUL() should not recognize it (at least in the "C" locale). Better yet, do away with that function entirely and also fix #16886. Just check that a whitespace character, +, -, "0x", or "0X" does not immediately follow the base prefix (or check if the first two digits are valid for the base, or at least for hexadecimal). If the first digit is invalid, parsing should not continue (as is the case now), though if the second digit is invalid, the error should be reported as an unknown suffix (if last character) or as more than one character in suffix (if not last character) for consistency with how an invalid second digit is reported in the usual case.

The following code:

<?php
echo ini_parse_quantity('0x0b'), "\n";
echo ini_parse_quantity('-0x0B'), "\n";
echo ini_parse_quantity('0x0beef'), "\n";
echo ini_parse_quantity('-0x0BEEF'), "\n";

Resulted in this output:

Warning: Invalid quantity "0x0b": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 2
0

Warning: Invalid quantity "-0x0B": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 3
0

Warning: Invalid quantity "0x0beef": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 4
0

Warning: Invalid quantity "-0x0BEEF": no digits after base prefix, interpreting as "0" for backwards compatibility in /home/ki/Documents/Scratchpad/test_parse_quantity_prefixes2.php on line 5
0

But I expected this output instead:

11
-11
48879
-48879

PHP Version

PHP 8.5.0-dev

Operating System

No response

[cmb69]

Yeah, that looks like an inadvertent behavioral change. @Girgias, thoughts?

[Girgias]

I agree this is unintentional BC break, if someone is happy to "properly" implement a version of ZEND_STRTOUL() that accepts 0b, 0o, and 0x prefixes that would be nice. As that would probably fix most issues accross the codebase.

[MarcusXavierr]

So the best approach is to change this macro that calls libc functions to call something that doesn't not break compatibility and also can work with 0b and the other prefixes?

php-src/Zend/zend_long.h

Lines 67 to 80 in 01093b7

	# define ZEND_STRTOUL(s0, s1, base) _strtoui64((s0), (s1), (base))
	# define ZEND_STRTOL_PTR _strtoi64
	# define ZEND_STRTOUL_PTR _strtoui64
	# define ZEND_ABS _abs64
	# else
	# define ZEND_LTOA(i, s, len) \
	do { \
	int st = snprintf((s), (len), ZEND_LONG_FMT, (i)); \
	(s)[st] = '\0'; \
	} while (0)
	# define ZEND_ATOL(s) atoll((s))
	# define ZEND_STRTOL(s0, s1, base) strtoll((s0), (s1), (base))
	# define ZEND_STRTOUL(s0, s1, base) strtoull((s0), (s1), (base))
	# define ZEND_STRTOL_PTR strtoll

[Girgias]

I don't know if the ZEND_ATOL() or ZEND_LTOA() macro needs to be fixed, but yes, this is what I think we should do.

Would also remove the double 0x0x support, which is a bit dumb.