1--TEST-- 2Hex integer overflow 3--SKIPIF-- 4<?php if (!extension_loaded("filter")) die("skip"); ?> 5--FILE-- 6<?php 7function hex_inc($s) { 8 $len = strlen($s); 9 while ($len > 0) { 10 $len--; 11 if ($s[$len] != 'f') { 12 if ($s[$len] == '9') { 13 $s[$len] = 'a'; 14 } else { 15 $s[$len] = $s[$len] + 1; 16 } 17 return $s; 18 } 19 $s[$len] = '0'; 20 } 21 return '1'.$s; 22} 23 24 25$s = sprintf("%x", PHP_INT_MAX); 26var_dump(is_long(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX)))); 27 28$s = hex_inc($s); 29var_dump(is_long(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX)))); 30 31$s = sprintf("%x", ~0); 32var_dump(is_long(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX)))); 33 34$s = hex_inc($s); 35var_dump(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX))); 36?> 37--EXPECT-- 38bool(true) 39bool(true) 40bool(true) 41bool(false) 42
