Red Hat Bugzilla – Bug 158096
FC3 PHP bitwise operations on large integers fails
Last modified: 2007-11-30 17:11:06 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Description of problem:
PHP versions under FC3 (current update php-4.3.11-2.5.i386.rpm, or any 4.3.X/5.0.X version I've compiled by hand) seem to provide incorrect results on bitwise operations for large integers as compared to the same versions under FC2 (or FC1 and RHES3 which I've tried also).
While I understand that the behaviour of these operation on large (>32bit) integers is supposed to be "undefined", it works correctly on past FC releases and other distros other then FC3. Correct results can be obtained using PHP's GMP commands, however most existing scripts (especially encyption libs) don't make use of this additional command set. Seems that scripts for encryption and compression are most effected.
I'm not sure if this bug is releated in some way to #143514 (closed), but it certainly could be.
Sorry if this has been reported, I couldn't find anything other then the bug referenced which has been closed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. echo '<?php echo (-3281063054 & 3); ?>' | /usr/bin/php -q
Actual Results: Produces a "0" under FC3
Expected Results: Prodces the correct answer of "2" under FC2, FC1 and RHES3.
For some reason my submission isn't including the product information:
Product Fedora Core
Since Zend will convert the number into a 32-bit integer to do the bitwise "and"
there has to be some choice of how to cope with integer overflow.
In 4.3.10 and previous 4.3.11-based FC3 updates, the behaviour was to truncate.
Previously, and again in the latest update, it is to rely on the underlying
behaviour of integer oveflow in C (which is strictly undefined in most cases,
but in practice will wrap).
There do exist a number of scripts which rely on the original (and now, current)
behaviour, so we've reverted the patch to maintain the behaviour chosen upstream.
Having language behaviour which is compatible with upstream is really more
important than making some "correct" choice; so I'm marking this WONTFIX. The
real answer is exactly that which you suggest: scripts should not rely on *any*
behaviour on integer overflow - and should use GMP for such operations.