Debian Bug report logs - #615025
php5: PHP #52534 - var_export array with negative key

version graph

Package: php5; Maintainer for php5 is (unknown);

Reported by: Jim Salter <debianbugs@jrs-s.net>

Date: Fri, 25 Feb 2011 00:24:02 UTC

Severity: normal

Tags: patch, upstream

Found in version php5/5.3.3-7

Fixed in versions php5/5.3.5-1, 5.4.0-1

Done: Lior Kaplan <kaplan@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#615025; Package php5. (Fri, 25 Feb 2011 00:24:04 GMT) (full text, mbox, link).

Acknowledgement sent to Jim Salter <debianbugs@jrs-s.net>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 25 Feb 2011 00:24:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jim Salter <debianbugs@jrs-s.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php5: PHP #52534 - var_export array with negative key
Date: Thu, 24 Feb 2011 18:13:23 -0600
Package: php5
Version: 5.3.3-7
Severity: important
Tags: upstream


http://bugs.php.net/52534

[2010-08-04 16:31 UTC] atila dot szekely at gmail dot com
Description:
------------
var_export is exporting negative array key as maxint (64 bit). Example: -1 will be replaced with 18446744073709551615 

Test script:
---------------
$aArray = array ( -1 => 'Hello', 1  => 'World');

$sExported = var_export($aArray,true);

echo $sExported;


Expected result:
----------------
array ( -1 => 'Hello',1 => 'World')

Actual result:
--------------
array ( 18446744073709551615 => 'Hello', 1 => 'World' ) 


Confirmed to exist against PHP 5.3.3-7 in Squeeze.  Has already been fixed in 5.3 branch and trunk upstream.


-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5 depends on:
ii  libapache2-mod-php5           5.3.3-7    server-side, HTML-embedded scripti
ii  php5-common                   5.3.3-7    Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information

Severity set to 'minor' from 'important' Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Fri, 25 Feb 2011 01:27:02 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#615025; Package php5. (Fri, 18 Mar 2011 15:30:12 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 18 Mar 2011 15:30:12 GMT) (full text, mbox, link).

Message #12 received at 615025@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: Jim Salter <debianbugs@jrs-s.net>, 615025@bugs.debian.org
Cc: control <control@bugs.debian.org>
Subject: Re: [php-maint] Bug#615025: php5: PHP #52534 - var_export array with negative key
Date: Fri, 18 Mar 2011 16:27:35 +0100
severity 615025 normal
fixed 615025 5.3.5-1
thank you

Hi Jim,

this bug was fixed in new upstream version. Unfortunately I don't
think the bug severity it warrants an update to stable since it's not
a security vulnerability.

However Raphael could think otherwise and we may include the fix in
some .point release of squeeze.

Regards,
Ondrej

On Fri, Feb 25, 2011 at 01:13, Jim Salter <debianbugs@jrs-s.net> wrote:
> Package: php5
> Version: 5.3.3-7
> Severity: important
> Tags: upstream
>
>
> http://bugs.php.net/52534
>
> [2010-08-04 16:31 UTC] atila dot szekely at gmail dot com
> Description:
> ------------
> var_export is exporting negative array key as maxint (64 bit). Example: -1 will be replaced with 18446744073709551615
>
> Test script:
> ---------------
> $aArray = array ( -1 => 'Hello', 1  => 'World');
>
> $sExported = var_export($aArray,true);
>
> echo $sExported;
>
>
> Expected result:
> ----------------
> array ( -1 => 'Hello',1 => 'World')
>
> Actual result:
> --------------
> array ( 18446744073709551615 => 'Hello', 1 => 'World' )
>
>
> Confirmed to exist against PHP 5.3.3-7 in Squeeze.  Has already been fixed in 5.3 branch and trunk upstream.
>
>
> -- System Information:
> Debian Release: 6.0
>  APT prefers stable
>  APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5 depends on:
> ii  libapache2-mod-php5           5.3.3-7    server-side, HTML-embedded scripti
> ii  php5-common                   5.3.3-7    Common files for packages built fr
>
> php5 recommends no packages.
>
> php5 suggests no packages.
>
> -- no debconf information
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/

Severity set to 'normal' from 'minor' Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Fri, 18 Mar 2011 15:30:15 GMT) (full text, mbox, link).

Bug Marked as fixed in versions php5/5.3.5-1. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Fri, 18 Mar 2011 15:30:16 GMT) (full text, mbox, link).

Added tag(s) patch. Request was from Lior Kaplan <kaplanlior@gmail.com> to control@bugs.debian.org. (Mon, 20 Feb 2012 23:03:14 GMT) (full text, mbox, link).

Reply sent to Lior Kaplan <kaplan@debian.org>:
You have taken responsibility. (Sat, 28 Sep 2013 17:57:05 GMT) (full text, mbox, link).

Notification sent to Jim Salter <debianbugs@jrs-s.net>:
Bug acknowledged by developer. (Sat, 28 Sep 2013 17:57:05 GMT) (full text, mbox, link).

Message #23 received at 615025-done@bugs.debian.org (full text, mbox, reply):

From: Lior Kaplan <kaplan@debian.org>
To: 615025-done@bugs.debian.org
Subject: closing
Date: Sat, 28 Sep 2013 19:55:10 +0200
[Message part 1 (text/plain, inline)]
Version: 5.4.0-1

Closing as a version with the requested fix by upstream is already
available in stable (wheezy).

Kaplan

[Message part 2 (text/html, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Oct 2013 07:28:14 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 00:31:05 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.