Fix GH-20262: array_unique() SORT_REGULAR fails to deduplicate with mixed strings #20273
+577
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jmarble
force-pushed
the
gh20262-array-unique-sort-regular
branch
from
4102fe6 to
f60a45f
Compare
…h mixed strings array_unique() with SORT_REGULAR was failing to remove duplicate numeric strings when mixed with alphanumeric strings due to non-transitive comparison issues in the sort-based algorithm. Implemented hash-bucketing optimization for SORT_REGULAR that preserves full type coercion semantics while improving performance from O(n²) to O(n). Closes phpGH-20262
jmarble
force-pushed
the
gh20262-array-unique-sort-regular
branch
from
f60a45f to
c4fc6a9
Compare
devnexen
reviewed
Oct 24, 2025
| ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(array), num_key, str_key, val) { | ||
| /* Dereference if this is a reference */ | ||
| zval *deref_val = val; | ||
| ZVAL_DEREF(deref_val); |
There was a problem hiding this comment.
nit: might be relevant to add test case for it wdyt ?
There was a problem hiding this comment.
Thanks. This was added after a failed test in the circle jerk, I mean one of the CI checks. There's some other things I felt needed some TLC. Still passing all tests at the moment, but really trying to harden this up.
nielsdos
reviewed
Oct 24, 2025
ext/standard/array.c
Outdated
| } else if (Z_TYPE_P(deref_val) == IS_OBJECT) { | ||
| /* Hash objects by class name */ | ||
| zend_class_entry *ce = Z_OBJCE_P(deref_val); | ||
| hash = zend_string_hash_val(ce->name); |
There was a problem hiding this comment.
How will this interact with inheritance?
There was a problem hiding this comment.
I didn't note any issues with inheritance, but I ultimately found what I feel is a much more conservative approach that's still both performant and correct -- at least in regards to the original bug that was reported.
- Eliminate Hash-DoS and integer overflow vulnerabilities - Add exception handling to prevent memory leaks - Implement type-specific optimizations (hash/sort/bucket) - Dynamic bucket sizing for memory efficiency - Fix resource handling
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Bug
array_unique()withSORT_REGULARwas failing to remove duplicate numeric strings when mixed with alphanumeric strings:Root Cause
Non-transitive comparisons in
SORT_REGULAR(where'5' == 5and5 != '5abc'but'5' < '5abc') broke the sort-based algorithm's assumption that sorting would group duplicates adjacently.Solution
Implemented type-optimized hybrid approach for
SORT_REGULAR:Three-tier algorithm selection:
Key features:
SORT_REGULARtype coercion semantics (1 == '1' == true)Security Hardening
Performance
Improved performance across all data types compared to PHP 8.4.13 while fixing correctness issues.
Backward Compatibility
Tests Added
gh20262.phpt- Minimal regression test for the bugarray_unique_variation_sort_regular.phpt- Comprehensive SORT_REGULAR behavior coverage (16 scenarios)Closes #20262