Revert "ext/gmp: gmp_pow fix FPE with large values."

devnexen · devnexen · commit 45140e527f4e · 2024-11-27T19:52:04.000Z
This reverts commit e0a0e21.
diff --git a/NEWS b/NEWS
@@ -134,8 +134,6 @@ PHP                                                                        NEWS
   . Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb)
   . Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
     (David Carlier)
-  . Fixed gmp_pow() overflow bug with large base/exponents.
-    (David Carlier)
   . Fixed segfaults and other issues related to operator overloading with
     GMP objects. (Girgias)
 
diff --git a/ext/gmp/gmp.c b/ext/gmp/gmp.c
@@ -1350,27 +1350,39 @@ ZEND_FUNCTION(gmp_pow)
 		RETURN_THROWS();
 	}
 
-    double powmax = log((double)ZEND_LONG_MAX);
-
 	if (Z_TYPE_P(base_arg) == IS_LONG && Z_LVAL_P(base_arg) >= 0) {
 		INIT_GMP_RETVAL(gmpnum_result);
-		if ((log(Z_LVAL_P(base_arg)) * exp) > powmax) {
-			zend_value_error("base and exponent overflow");
-			RETURN_THROWS();
+		if (exp >= INT_MAX) {
+			mpz_t base_num, exp_num, mod;
+			mpz_init(base_num);
+			mpz_init(exp_num);
+			mpz_init(mod);
+			mpz_set_si(base_num, Z_LVAL_P(base_arg));
+			mpz_set_si(exp_num, exp);
+			mpz_set_ui(mod, UINT_MAX);
+			mpz_powm(gmpnum_result, base_num, exp_num, mod);
+			mpz_clear(mod);
+			mpz_clear(exp_num);
+			mpz_clear(base_num);
+		} else {
+			mpz_ui_pow_ui(gmpnum_result, Z_LVAL_P(base_arg), exp);
 		}
-		mpz_ui_pow_ui(gmpnum_result, Z_LVAL_P(base_arg), exp);
 	} else {
 		mpz_ptr gmpnum_base;
-		zend_ulong gmpnum;
 		FETCH_GMP_ZVAL(gmpnum_base, base_arg, temp_base, 1);
 		INIT_GMP_RETVAL(gmpnum_result);
-		gmpnum = mpz_get_ui(gmpnum_base);
-		if ((log(gmpnum) * exp) > powmax) {
-			FREE_GMP_TEMP(temp_base);
-			zend_value_error("base and exponent overflow");
-			RETURN_THROWS();
+		if (exp >= INT_MAX) {
+			mpz_t exp_num, mod;
+			mpz_init(exp_num);
+			mpz_init(mod);
+			mpz_set_si(exp_num, exp);
+			mpz_set_ui(mod, UINT_MAX);
+			mpz_powm(gmpnum_result, gmpnum_base, exp_num, mod);
+			mpz_clear(mod);
+			mpz_clear(exp_num);
+		} else {
+			mpz_pow_ui(gmpnum_result, gmpnum_base, exp);
 		}
-		mpz_pow_ui(gmpnum_result, gmpnum_base, exp);
 		FREE_GMP_TEMP(temp_base);
 	}
 }
diff --git a/ext/gmp/tests/gmp_pow.phpt b/ext/gmp/tests/gmp_pow.phpt
@@ -2,8 +2,6 @@
 gmp_pow() basic tests
 --EXTENSIONS--
 gmp
---SKIPIF--
-<?php if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platform only"); ?>
 --FILE--
 <?php
 
diff --git a/ext/gmp/tests/gmp_pow_32bits.phpt b/ext/gmp/tests/gmp_pow_32bits.phpt
diff --git a/ext/gmp/tests/gmp_pow_fpe.phpt b/ext/gmp/tests/gmp_pow_fpe.phpt
@@ -6,30 +6,15 @@ gmp
 <?php
 $g = gmp_init(256);
 
-try {
-	gmp_pow($g, PHP_INT_MAX);
-} catch (\ValueError $e) {
-	echo $e->getMessage() . PHP_EOL;
-}
-try {
-	gmp_pow(256, PHP_INT_MAX);
-} catch (\ValueError $e) {
-	echo $e->getMessage() . PHP_EOL;
-}
-
-try {
-    gmp_pow(gmp_add(gmp_mul(gmp_init(PHP_INT_MAX), gmp_init(PHP_INT_MAX)), 3), 256);
-} catch (\ValueError $e) {
-	echo $e->getMessage() . PHP_EOL;
-}
-try {
-    gmp_pow(gmp_init(PHP_INT_MAX), 256);
-} catch (\ValueError $e) {
-	echo $e->getMessage();
-}
+var_dump(gmp_pow($g, PHP_INT_MAX));
+var_dump(gmp_pow(256, PHP_INT_MAX));
 ?>
 --EXPECTF--
-base and exponent overflow
-base and exponent overflow
-base and exponent overflow
-base and exponent overflow
+object(GMP)#2 (1) {
+  ["num"]=>
+  string(%d) "%s"
+}
+object(GMP)#2 (1) {
+  ["num"]=>
+  string(%d) "%s"
+}
