ID: 21523 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Verified +Status: Analyzed Bug Type: Strings related Operating System: Windows 2000 PHP Version: 4.3.0 New Comment:
sprintf under win32 can crash when the format width is too large. Changing the emalloc + sprintf to spprintf highlights a problem in our spprintf implementation; it only returns a string of 80 chars. This length causes the reslen calculation to produce a negative number and thus emalloc to fail. Previous Comments: ------------------------------------------------------------------------ [2003-01-09 06:20:14] [EMAIL PROTECTED] I have tried to reproduce this error on windows and linux: Windows XP professional + php 4.3.0: bug reproduced FATAL: emalloc(): Unable to allocate -207 bytes Linux Redhat 7.0 + php 4.3.0 bug NOT reproduced. the script works well. only windows systems seems to be affected by the bug ------------------------------------------------------------------------ [2003-01-09 06:15:25] [EMAIL PROTECTED] Verified under WIN32. ------------------------------------------------------------------------ [2003-01-09 06:05:50] [EMAIL PROTECTED] I can't reproduce this error under Linux, FreeBSD. ------------------------------------------------------------------------ [2003-01-08 13:05:47] [EMAIL PROTECTED] When the following line is run: echo number_format(2, 2678); The following error appears in the Apache error log: FATAL: emalloc(): Unable to allocate -1112 bytes -259 and -123 have also appeared. Clearly I accidentally used number_format in the reverse direction that I meant to. However, it seems like whatever is requesting memory for number_format is experiencing integer overflow. That doesn't seem right. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=21523&edit=1
