diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/standard/math.c | 20 | ||||
| -rw-r--r-- | ext/standard/tests/math/bug62112.phpt | bin | 0 -> 143 bytes |
3 files changed, 19 insertions, 2 deletions
@@ -17,6 +17,7 @@ PHP NEWS - Core: . Fixed missing bound check in iptcparse(). (chris at chiappa.net) + . Fixed bug #62112 (number_format() is not binary safe). (Gustavo) . Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object). (Laruence) . Fixed bug #61998 (Using traits with method aliases appears to result in diff --git a/ext/standard/math.c b/ext/standard/math.c index 65187f6fa1..b3e8c6f086 100644 --- a/ext/standard/math.c +++ b/ext/standard/math.c @@ -1097,7 +1097,9 @@ PHPAPI char *_php_math_number_format(double d, int dec, char dec_point, char tho return _php_math_number_format_ex(d, dec, &dec_point, 1, &thousand_sep, 1); } -PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len) +static char *_php_math_number_format_ex_len(double d, int dec, char *dec_point, + size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len, + int *result_len) { char *tmpbuf = NULL, *resbuf; char *s, *t; /* source, target */ @@ -1205,8 +1207,19 @@ PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size efree(tmpbuf); + if (result_len) { + *result_len = reslen; + } + return resbuf; } + +PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, + size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len) +{ + return _php_math_number_format_ex_len(d, dec, dec_point, dec_point_len, + thousand_sep, thousand_sep_len, NULL); +} /* }}} */ /* {{{ proto string number_format(float number [, int num_decimal_places [, string dec_seperator, string thousands_seperator]]) @@ -1241,7 +1254,10 @@ PHP_FUNCTION(number_format) thousand_sep_len = 1; } - RETURN_STRING(_php_math_number_format_ex(num, dec, dec_point, dec_point_len, thousand_sep, thousand_sep_len), 0); + Z_TYPE_P(return_value) = IS_STRING; + Z_STRVAL_P(return_value) = _php_math_number_format_ex_len(num, dec, + dec_point, dec_point_len, thousand_sep, thousand_sep_len, + &Z_STRLEN_P(return_value)); break; default: WRONG_PARAM_COUNT; diff --git a/ext/standard/tests/math/bug62112.phpt b/ext/standard/tests/math/bug62112.phpt Binary files differnew file mode 100644 index 0000000000..01de35a9c5 --- /dev/null +++ b/ext/standard/tests/math/bug62112.phpt |