Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.9.4

Bug #11616 Incorrect equality operator used when comparing md5 check sums
Submitted: 2007-07-16 13:34 UTC Modified: 2007-08-18 17:00 UTC
From: robham Assigned: robham
Status: Closed Package: PEAR (version 1.6.1)
PHP Version: 5.2.3 OS: Linux
Roadmaps: 1.6.2    
Subscription  


 [2007-07-16 13:34 UTC] robham (Robert Hammond)
Description: ------------ Installer.php file version 1.245, lines 399 and 568 both use the == equality operator to compare md5 check sums. With this operator on certain versions of Linux (and perhaps other operating systems) php will stall if the front part of the md5 string resembles a number/exponent combination such as 79e456. PHP will incorrectly interpret the md5 string as a number and a number this large is out of range and hence the freeze up. On my Linux system the maximum sized number is limited to 1e79, others are system dependant. To correct this the === equality operator should be used. There is a detailed discussion in the message threads located at :- http://www.pear-forum.org/viewtopic.php?p=2461#2461 Test script: --------------- Note the incorrect use of the == operator on line 6. <?php $x = '123e'; $y = 1; while ($y <= 10000) { $z = $x.$y.'abc'; if ("$z" == "$z") { echo $z."\n"; } $y++; } echo "end"; ?>

Comments

 [2007-08-18 17:00 UTC] cellog (Greg Beaver)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.