pollita

Sara Golemon

Contents

PHP RFC: Fix overflow in octal parsing

Introduction

Parsing of Octal (base 8) numbers contained in an interpolated string currently matches the pattern \\[0-7]{1,3}, that is a backslash followed by between one and three octits (numbers with an ordinal value between zero and seven). However, in order for a 3 octit number to fit within the space of a single character (one byte), the first octit is actually limited to base 4 (values from 0 to 3).

Currently, PHP does not guard against an overflow in the first octit of a 3 octit octal value, instead allowing the value to silently overflow without warning. Thus “\000” === “\400”, “\100” === “\500”, “\200” === “\600”, and “\300” === “\700”, and so on…

Proposal

This RFC seeks to decide which approach to take in addressing this undesired behavior.

  1. Do nothing. Some terrible application is relying on this behavior and there's no burning need to fix it.
  2. Retain the current overflow behavior, but raise a compile-time warning “Octal escape sequence overflow {} is greater than \\377”
  3. Limit octal numbers to \\[0-3]?[0-7]{0,2} meaning that sequences like “\456” would be parsed as octal 45 (decimal 37, e.g. a '%' character) followed by a literal 6

Options 2 and 3 may involve a deprecation/warning period followed by a permanent change.

Update: Between minimal comment and a lack of severity of this case. I've opted to initiate a vote for option 2. Produce a compile-time warning about value overflow.

Backward Incompatible Changes

New compile-time warning is raised on overflow during interpolation.

Proposed PHP Version(s)

7.1

References

Votes

An option needs 50%+1 votes to win

Raise warning on octal interpolation overflow? (97.4% approved)
User Vote
ajf No
bwoebi Yes
cmb Yes
colinodell Yes
daverandom Yes
davey Yes
derick Yes
francois Yes
galvao Yes
guilhermeblanco Yes
jhdxr Yes
kalle Yes
kguest Yes
kinncj Yes
leigh Yes
lstrojny Yes
malukenho Yes
mariano Yes
mbeccati Yes
mcmic Yes
mgocobachi Yes
mightyuhu Yes
nikic Yes
ocramius Yes
pierrick Yes
pollita Yes
rasmus Yes
rdohms Yes
rmf Yes
sammyk Yes
santiagolizardo Yes
svpernova09 Yes
thorstenr Yes
till Yes
treffynnon Yes
trowski Yes
yohgaki Yes
zimt Yes