From:             morten_odegaard at broadpark dot no
Operating system: Linux (redhat 7.3)
PHP version:      4.3.4
PHP Bug Type:     Reproducible crash
Bug description:  number_format() is having trouble with large numbers. Can segfault Apache.

Description:
------------
number_format() seems to be having problems with large numbers. I've found two different bugs, where one can segfault Apache. They are tested on both 4.3.4 and 5.0RC1 on Linux, and 4.3.4 on Windows. Bugs happen in all of them.

-- Calling the function on numbers higher than (and including) 1e71, it will display a wrong result. Some numbers will have one 0 replaced with a 7, while some will be a digit too short, but be very close to the number it is supposed to show.

-- When calling number_format() on numbers bigger than (and including) 1e80, it will either return nothing or crash, depending on the 'decimals' parameter. If 'decimals' is bigger than 0, then it will return nothing. If 'decimals' is lower than 1, Apache will segfault.

Reproduce code:
---------------
$ php -r "echo number_format(1e71, 0, '', ' ');"
100 000 000 000 000 070 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

$ php -r "echo number_format(1e72, 0, '', ' ');"
999 999 999 999 999 600 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

$ php -r "echo number_format(1e80, 3, '', ' ');"

$ php -r "echo number_format(1e80, 0, '', ' ');"
Segmentation fault

Expected result:
----------------
100 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
1 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000.000
10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

Actual result:
--------------
Bug 1: Wrong numbers, as shown above.
Bug 2: Nothing or a segfault, as shown above.

-- 
Edit bug report at http://bugs.php.net/?id=27678&edit=1
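
The report does not say what goes wrong inside number_format(). As an added illustration (not PHP's source and not part of the report), the C sketch below shows a thousands-grouping formatter that measures the digit string before allocating and checks the caller's buffer before writing, so an 81-digit value such as 1e80 is either formatted in full or rejected. The function name format_grouped and its parameters are hypothetical.

```c
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not PHP's implementation): format d with `dec`
 * decimals, grouping the integer digits in threes with `sep`.
 * Returns the length written, or -1 on error or if `out` is too small. */
int format_grouped(double d, int dec, char point, char sep,
                   char *out, size_t outsz)
{
    if (dec < 0) dec = 0;
    if (!isfinite(d)) return -1;          /* reject NaN and +/-Inf */

    /* Measure first: 1e80 needs 81 digits, DBL_MAX needs 309. */
    int need = snprintf(NULL, 0, "%.*f", dec, d);
    if (need < 0) return -1;
    char *tmp = malloc((size_t)need + 1);
    if (!tmp) return -1;
    snprintf(tmp, (size_t)need + 1, "%.*f", dec, d);

    int neg = (tmp[0] == '-');
    int frac = dec > 0 ? dec + 1 : 0;     /* '.' plus the decimals */
    int ilen = need - neg - frac;         /* integer digits only */
    int seps = sep ? (ilen - 1) / 3 : 0;  /* separators to insert */
    size_t total = (size_t)need + (size_t)seps;

    if (total + 1 > outsz) {              /* bounds check before any write */
        free(tmp);
        return -1;
    }
    char *p = out;
    const char *digits = tmp + neg;
    if (neg) *p++ = '-';
    for (int i = 0; i < ilen; i++) {
        *p++ = digits[i];
        int left = ilen - 1 - i;          /* integer digits still to emit */
        if (sep && left > 0 && left % 3 == 0)
            *p++ = sep;
    }
    if (dec > 0) {
        *p++ = point;                     /* caller's decimal point */
        memcpy(p, digits + ilen + 1, (size_t)dec);
        p += dec;
    }
    *p = '\0';
    free(tmp);
    return (int)total;
}
```

The digits produced are the exact decimal expansion of the nearest double, so for inputs of this size they are not all zeros after the leading digits.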