Skip to content

ipv6 filter integer overflow #18309

Closed
Closed
ipv6 filter integer overflow#18309
Assignees
ndossche
Labels
BugExtension: filterStatus: Verified

Description

@chongwick
chongwick
opened on Apr 11, 2025

Description

The following code:

<?php

const IPV6_COUNT = 100000;
const IPV6_LENGTH = 39;

function generateIPv6(): string {
    $hex = random_bytes(16);
    return '0'. str_replace('.', '', bin2hex($hex)). ':';
}

function validateIPv6($ip): bool {
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)!== false;
}

function testIPv6($ipv6_test): void {
    foreach ($ipv6_test as $ip => $exp) {
        $out = validateIPv6($ip);
        if ($exp!== $out) {
            echo "$ip failed (expected ". ($exp? 'true' : 'false'). ", got ". ($out? 'true' : 'false'). ")\n";
        }
    }
}

$ipv6_test = array_fill_keys(array_map('generateIPv6', range(1, IPV6_COUNT)), true);
testIPv6($ipv6_test);

?>

Resulted in this output:

/nightly_php/php-src/ext/filter/logical_filters.c:827:14: runtime error: signed integer overflow: 146455890 * 16 cannot be represented in type 'int'

PHP Version

nightly

Operating System

ubuntu 22.04

Metadata

Metadata

Assignees

Labels

BugExtension: filterStatus: Verified

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions