From 4e45466d9e905e27c59bdcf3e1922cc530c92ae6 Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Wed, 23 Oct 2013 20:57:52 +0200
Subject: [PATCH] Patch for integer overflow when auto-casting in a PDO query.
---
 include.mysql.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/include.mysql.php b/include.mysql.php
index 77144b8..1ef5a39 100644
--- a/include.mysql.php
+++ b/include.mysql.php
@@ -47,8 +47,16 @@ class CachedPDO extends PDO
 {
 /* PDO library apparently thinks it's part of a strongly typed language and doesn't do any typecasting.
 * We'll do it ourselves then. */
- $value = (int) $value;
- $type = PDO::PARAM_INT;
+ $int_value = (int) $value;
+
+ if($int_value < PHP_INT_MAX)
+ {
+ /* We only want to cast to integer if the result doesn't exceed INT_MAX, to avoid overflows. The
+ * only way to do this appears to be aborting when it *equals* or exceeds INT_MAX, as an overflow
+ * would occur during this check also. */
+ $value = $int_value;
+ $type = PDO::PARAM_INT;
+ }
 }
 
 if($type == PDO::PARAM_STR)
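Review bot: The new guard `if($int_value < PHP_INT_MAX)` only covers the upper bound, so a value below the integer range is not caught: as far as I know the string-to-int cast clamps at both ends, and a clamped minimum still passes the check and would be bound as a different number than the caller supplied. Checking both ends, `if($int_value < PHP_INT_MAX && $int_value > ~PHP_INT_MAX)`, keeps the same approach and does not need the PHP 7 `PHP_INT_MIN` constant. When the cast is skipped, `$type` keeps whatever it held before this block, which is set outside the hunk; a short comment in the new `if` stating that such values are then bound as strings (if that is the intent) would make the fallback explicit. The enclosing method starts and ends outside the hunk, so the condition that selects this branch could not be checked here.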