
ext/intl: Fix NumberFormatter parse offset overflow #22572

Merged
LamentXU123 merged 3 commits into php:master from LamentXU123:fix-NumberFormatter-overflow
Jul 3, 2026

@LamentXU123

Same as #22423, NumberFormatter::parse() and NumberFormatter::parseCurrency() accepted the by-reference offset as a zend_long, but then cast it directly to int32_t. So it will cause a silent truncation.

```php
<?php
$fmt = new NumberFormatter('en_US', NumberFormatter::DECIMAL);

$offset = PHP_INT_MAX;
var_dump($fmt->parse('123', NumberFormatter::TYPE_DOUBLE, $offset));
var_dump($offset);
```

returns

```
float(0)
int(-1)
```

In order to align with other previous fixes, we throw an error when the number is out of range.
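
The narrowing described in the pull request, as an added C example that is not code from the PR or from php-src: it shows that an unchecked 64-bit to 32-bit cast can yield -1 or alias a large offset onto a small, valid-looking one, next to a range check that rejects instead. The names `zend_long_t`, `narrow_unchecked` and `narrow_checked` are hypothetical, and `int64_t` is assumed as a stand-in for `zend_long` on a 64-bit build.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in for PHP's zend_long on a 64-bit build. */
typedef int64_t zend_long_t;

/* Unchecked narrowing, the pattern the description reports.
 * gcc and clang keep only the low 32 bits of the value. */
static int32_t narrow_unchecked(zend_long_t offset)
{
    return (int32_t)offset;
}

/* Range-checked narrowing: reject out-of-range input instead of truncating.
 * On failure *out is left untouched and the caller reports the error. */
static bool narrow_checked(zend_long_t offset, int32_t *out)
{
    if (offset < INT32_MIN || offset > INT32_MAX) {
        return false;
    }
    *out = (int32_t)offset;
    return true;
}

int main(void)
{
    /* Constructed sample offsets, including one that aliases to 2. */
    const zend_long_t samples[] = {
        0, 3, INT32_MAX, (zend_long_t)INT32_MAX + 1,
        INT64_C(0x100000002), INT64_MAX
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t safe = 0;
        bool ok = narrow_checked(samples[i], &safe);
        printf("%20lld  unchecked=%11d  checked=%s\n",
               (long long)samples[i], (int)narrow_unchecked(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The `0x100000002` row is the case to watch for in review: the truncated value is an ordinary in-range offset, so nothing downstream can tell that the caller's input was discarded.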

Comment thread ext/intl/formatter/formatter_parse.cpp Outdated
@LamentXU123 LamentXU123 merged commit 154881a into php:master Jul 3, 2026
17 of 18 checks passed
@LamentXU123 LamentXU123 deleted the fix-NumberFormatter-overflow branch July 3, 2026 18:03