Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:113350 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 50361 invoked from network); 3 Mar 2021 15:46:24 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 3 Mar 2021 15:46:24 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 2227C1804F4 for ; Wed, 3 Mar 2021 07:36:55 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-io1-f44.google.com (mail-io1-f44.google.com [209.85.166.44]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Wed, 3 Mar 2021 07:36:54 -0800 (PST) Received: by mail-io1-f44.google.com with SMTP id n132so14315678iod.0 for ; Wed, 03 Mar 2021 07:36:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=benramsey.com; s=google; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=a61A+h4XvpsNT/Zc8tKTrEfsFZuv17NDFBVEWw3Fe/Y=; b=SZgwpKzwkgWcvrnKK5SnHKj2w8tcyfGuAN42p4kjmMF4NH+kyQ/XXirrkzGujVzyyh sTdeAIgq9IwC1Wf4OzoTJc2kAq93H82zDS7F52JjcFqw+5O3DaqpPPATnAekk4Z/LMHo 4SO8VnC4cUEM7aT8nXTqmlCAaiaRztykAJhbj+tykz4g33Z/0g2sx5NE/gO/HUqdwMoQ 3lgiGPuUmKwhfdUhAMIm1Pu3pMJBqTlbWzOp6A+IkG/4KjoXH3tE2SPwqq2P9ifzRQMV JnL1gWDq+OZ1uJDDe1zgbu8Cz/i/HEXtfp+vxpBFwVaixzhMGZycNfDZvVbU4mdNQDRG XysA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=a61A+h4XvpsNT/Zc8tKTrEfsFZuv17NDFBVEWw3Fe/Y=; b=n0jT20VBJGG7CW2Y2ArMbkhi4Ace8kp4HbJnkiLI3X0Ahy/Fl7MB4fseLF2vfi6yR0 TpwZcmmrF0B9+x+UP/DyNAByZwXKU27aEEu8uaEuy5Y4+ENnsCfuP4EUWsYafdTxjQe6 8XvSiusYoO0x0F1UYvV6wSp4TAMX6NauFaXBXj/5uPv3RpoqjiisHRpjTX4Wh9UxSY8q z/4wAy4xJV2whiw6fCv4loNgy27EepcEFPcdBuK/jUa+AYmc0ZJp2+uxd8FHpNj/5MGN pDUwtIRPVmcvRa3rLjRToIfeujbwLEQkCM020ar+HQUQqLsmGKHpzwVHekA6iN2QG6ne WQPg== X-Gm-Message-State: AOAM5303VS1yE5PP9VmLYWJe8YUtBswjPEEtgVHTQDrGGsqVonVV82+q KjIws97AmWhAAOHKH9unGjoHthSQYJCaag== X-Google-Smtp-Source: ABdhPJzaTbGkwHMmXHo8ogtnRd/3HMU+Y76r223O+/cYQUYsS3JvXWcNHK1wY9tgX88HFSOVHSFP9A== X-Received: by 2002:a6b:d01a:: with SMTP id x26mr22872119ioa.11.1614785811281; Wed, 03 Mar 2021 07:36:51 -0800 (PST) Received: from [10.20.42.124] ([96.61.105.82]) by smtp.gmail.com with ESMTPSA id d12sm12110190ila.71.2021.03.03.07.36.50 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Mar 2021 07:36:50 -0800 (PST) Content-Type: multipart/signed; boundary="Apple-Mail=_DFC1F853-B97C-4DA0-9D75-AD913AB84F8E"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Date: Wed, 3 Mar 2021 09:36:49 -0600 References: To: PHP internals In-Reply-To: Message-ID: <24AAE646-160C-451D-BCAB-F112623D17A7@benramsey.com> X-Mailer: Apple Mail (2.3608.120.23.2.4) Subject: Re: [PHP-DEV] Don't compare zero exponentials in strings as equal From: ben@benramsey.com (Ben Ramsey) --Apple-Mail=_DFC1F853-B97C-4DA0-9D75-AD913AB84F8E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Mar 3, 2021, at 08:04, Nikita Popov wrote: >=20 > Hi internals, >=20 > PHP's =3D=3D comparison semantics for strings have a peculiar = edge-case, where > comparisons of the form "0e123" =3D=3D "0e456" return true, because = they are > interpreted as floating point zero numbers. This is problematic, = because > strings of that form are usually not numbers, but hex-encoded hashes = or > similar. >=20 > I'm wondering if it may make sense to special-case the comparison = semantics > to not consider strings of the form "0e[DIGITS]" equal, unless they = are > exactly equal (i.e., fall back to lexicographical if both sides of the > comparison are zero exponentials). >=20 > Here's a possible implementation: = https://github.com/php/php-src/pull/6749 >=20 > Of course, the usual rule that you should always use =3D=3D=3D still = holds, but > this at least eliminates the most dangerous edge case. I encountered a similar situation a few years back. We were testing whether a value was numeric and, if so, adding 0 to it = in order to convert it to an appropriate number type. The code looked = something like this: if (is_numeric($value)) { $value +=3D 0; } We chose not to do an explicit cast because the string could represent a = float or an int, so we wanted the type coercion to do its magic. We did this before calling `json_encode()` on the data structure, so = that string numbers coming out of a database would be converted to = numbers in JSON. For some reason, `JSON_NUMERIC_CHECK` wasn=E2=80=99t = giving us what we wanted, but I can=E2=80=99t recall the issue we were = having. Anyway, we ran into some fun issues with hashes that looked like this: '131124826899e4096767887418316466' That value should have remained a string in the JSON output, but = `is_numeric()` returns `true` for it, so it became `INF`. We were able to come up with a work-around, but it=E2=80=99s not = foolproof. Cheers, Ben --Apple-Mail=_DFC1F853-B97C-4DA0-9D75-AD913AB84F8E Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQToXQMR3fpbrPOmEOewLZeYnIwHGwUCYD+tEQAKCRCwLZeYnIwH GySJAP90Tt+1vJkFwb0GdVKHRIwIKt+nP5PU5saOd68G7D/iDQD8Dm4U05ezA2zZ lhbnvrLujQmmlvKMWCDPTgKuUtfBxO4= =bsnu -----END PGP SIGNATURE----- --Apple-Mail=_DFC1F853-B97C-4DA0-9D75-AD913AB84F8E--