I never explicitly use floats, I use number_format() to clean my input and display for example prices.
Also, as far as I am aware, all input from for example forms are strings until I tell them otherwise so I am supposing that this problem does not affect me.
Am I right, or do I need to check for example WordPress and Squirrelmail installations on my server to see if they cast anything to float? Or better, grep all PHP files on my servers for
Ways to mitigate the problem:
- Use a modern CPU. Most modern 64-bit CPUs would be immune (I actually had trouble finding a host that allows reproducing it, since they tend to use more modern hardware). Amazon VMs seem to be immune too.
- Upgrade your PHP version - 5.3.5 and 5.2.17 once released (probably today) include the fix.
- Build with -ffloat-store in CFLAGS (will slow down the code).
- Manually apply the patch to your code and rebuild PHP.
Looking for the code that has float probably won't help as zend_strtod is used by the engine in many string->number conversion scenarios.
P.S. this code btw is standard BSD library strtod code, not unique to PHP. So other projects using this code might be affected too.
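Since grepping application code for float does not help, the practical audit is per interpreter rather than per application. The script below is an added example, not part of the original answer: it classifies a PHP version string against the fixed releases the answer names (5.3.5 and 5.2.17). The function name and status words are hypothetical, and treating branches after 5.3 as fixed is an assumption.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Fixed releases named in the answer: 5.2.17 (5.2 branch) and 5.3.5 (5.3 branch).

# php_strtod_status VERSION   (hypothetical helper)
# Prints one of:
#   fixed    release at or after the fixed release for its branch
#   check    older release: upgrade, or confirm the build carries the
#            patch or was compiled with -ffloat-store
#   unknown  version string could not be parsed
php_strtod_status() {
    # Keep major.minor.patch, dropping distro suffixes such as "-1ubuntu9.2".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi

    # A pre-release of a fixed version number is not assumed to carry the fix.
    case "$1" in
        *RC*|*rc*|*alpha*|*beta*|*dev*) echo check; return 0 ;;
    esac

    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}

    if [ "$major" -gt 5 ]; then echo fixed        # assumption: later majors include the fix
    elif [ "$major" -lt 5 ]; then echo check
    elif [ "$minor" -gt 3 ]; then echo fixed      # assumption: later 5.x branches include the fix
    elif [ "$minor" -eq 3 ] && [ "$patch" -ge 5 ]; then echo fixed
    elif [ "$minor" -eq 2 ] && [ "$patch" -ge 17 ]; then echo fixed
    else echo check                               # 5.2.x < 17, 5.3.x < 5, 5.1 and older
    fi
}

# Report on the local interpreter when one is installed.
if command -v php >/dev/null 2>&1; then
    v=$(php -r 'echo PHP_VERSION;' 2>/dev/null || true)
    printf 'php %s: %s\n' "$v" "$(php_strtod_status "$v")"
fi
```

A "check" result on a distribution package does not prove the build is affected, because the version number alone cannot show whether the patch was applied at build time.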
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki