Fix more segfaults in range function

[tpunt]

The segfaults are caused by precision loss of large longs being converted to doubles when the step parameter is a double. The for loops continue infinitely since the step being added/subtracted upon each iteration is too small to be represented accurately as a double.

The segfaults can be reproduced with:

var_dump(count(range(PHP_INT_MIN, PHP_INT_MIN + 513, .01)));
var_dump(count(range(PHP_INT_MIN + 513, PHP_INT_MIN, .01)));

This fixes Bug #71197

[weltling]

@tpunt, good catch! So you think there's really no chance to fix the pre-condition? As adding one more condition to the loop which can have many iterations doesn't look nice. I haven't look deep, but there should be a way to have a formula like for highest/lowest value to double check, just for the case.

Thanks.

[tpunt]

I've refactored the patch so that the range of values are calculated from the array size calculation (rather than checking the intermediary value calculated upon each iteration). This seems to be the cleanest way to do this, and has the added benefit of removing the need for the DOUBLE_DRIFT_FIX constant.

Thanks,
Tom

[jpauli]

Dups with #1677 ?

[tpunt]

@jpauli These two segfaults occur in the area of code that handle doubles. #1677 segfaults occur in the area of code that handles longs.

[jpauli]

Ok thx for details

[weltling]

Ok, so __calc_size dosen't need to go out of scope anymore.

[tpunt]

Correct. I'll rectify that now (as well as in PR #1677).

[weltling]

@tpunt can we merge them please? It is the same function, so it'll be easier for having an overview.

Thanks.

[weltling]

I mean merge two PRs into one :)

Thanks.

[tpunt]

Ok, I'll merge them now and submit a new PR.

[tpunt]

Superseded by PR #1695.