ID:               27678
 Updated by:       [EMAIL PROTECTED]
 Reported By:      morten_odegaard at broadpark dot no
 Status:           Assigned
 Bug Type:         Math related
 Operating System: *
 PHP Version:      5CVS, 4CVS (2005-08-19)
 Assigned To:      helly
 New Comment:

3rd reminder for Marcus: Check this out after Christmas 2005 but before
New Year's eve 2005-2006 :)



Previous Comments:
------------------------------------------------------------------------

[2005-11-01 11:31:35] [EMAIL PROTECTED]

Marcus, can you check this out please?

------------------------------------------------------------------------

[2005-03-30 10:58:49] kameshj at fastmail dot fm

Regarding the segfault:
In main/snprintf.c, ap_php_cvt has a call to memmove(&buf[mvl], &buf[0],
NDIG-mvl-1); NDIG-mvl-1 becomes -1 in the mentioned defect of double
being 1e80, decimals 3, dec_sep '' and thousand_sep ' '.
As far as I could see, PHP recognizes a float as high as 1e308, so I feel
NDIG should be set accordingly to a higher value, let us say 310 or 311.

------------------------------------------------------------------------
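
The length calculation described in the 2005-03-30 comment, as an added C example that is not part of the bug thread or of PHP's source: it shows how the -1 reaches memmove() as a size_t and one way to reject it before the call. NDIG = 80 is an assumed value (picked so that mvl = 80 yields the reported -1), and guarded_shift() is a hypothetical helper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NDIG 80  /* assumed buffer size; chosen so mvl == 80 gives the reported -1 */

/* The length expression from the comment, kept as a signed int. */
static int shift_len(int mvl)
{
    return NDIG - mvl - 1;
}

/* What memmove() actually receives: its third parameter is size_t,
 * so a negative int is converted to a huge unsigned byte count. */
static size_t as_memmove_len(int len)
{
    return (size_t)len;
}

/* Hypothetical guarded form of the shift: move the leading digits right
 * by mvl places only if source and destination stay inside buf[NDIG].
 * Returns 0 on success, -1 if the shift is rejected. */
static int guarded_shift(char buf[NDIG], int mvl)
{
    int len = shift_len(mvl);

    if (mvl < 0 || len < 0)
        return -1;                      /* would run outside the buffer */
    memmove(&buf[mvl], &buf[0], (size_t)len);
    return 0;
}

int main(void)
{
    char buf[NDIG];                     /* constructed sample digits */
    memset(buf, '0', sizeof buf);
    memcpy(buf, "123", 3);

    printf("mvl=80 -> len=%d, memmove sees %zu\n",
           shift_len(80), as_memmove_len(shift_len(80)));
    printf("guarded_shift(mvl=80) = %d\n", guarded_shift(buf, 80));
    printf("guarded_shift(mvl=4)  = %d, buf[4..6]=%.3s\n",
           guarded_shift(buf, 4), &buf[4]);
    return 0;
}
```

------------------------------------------------------------------------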

[2004-12-12 23:52:48] [EMAIL PROTECTED]

(gdb) run -r "echo number_format(1e80, 3, '', ' ');"
Starting program: /www/php-modules/bin/php -r "echo number_format(1e80,
3, '', ' ');"
[New Thread 1087948032 (LWP 31942)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1087948032 (LWP 31942)]
0x4207c0ad in memmove () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4207c0ad in memmove () from /lib/tls/libc.so.6
#1  0xbfffd8e8 in ?? ()
#2  0x08259347 in ap_php_cvt (arg=Cannot access memory at address
0xffffffef
) at /usr/src/web/php/php4/main/snprintf.c:294
Cannot access memory at address 0xffffffff


------------------------------------------------------------------------

[2004-03-24 14:27:01] morten_odegaard at broadpark dot no

Description:
------------
number_format() seems to be having problems with large numbers. I've
found two different bugs, where one can segfault Apache.
They are tested on both 4.3.4 and 5.0RC1 on Linux, and 4.3.4 on
Windows. The bugs happen in all of them.

--

When calling the function on numbers higher than (and including) 1e71, it
will display a wrong result. Some numbers will have one 0 replaced with
a 7, while some will be a digit too short, but be very close to the
number it is supposed to show.

--

When calling number_format() on numbers bigger than (and including)
1e80, it will either return nothing or crash, depending on the
'decimals' parameter.

If 'decimals' is bigger than 0, then it will return nothing.

If 'decimals' is lower than 1, Apache will segfault.

Reproduce code:
---------------
$ php -r "echo number_format(1e71, 0, '', ' ');"
100 000 000 000 000 070 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000

$ php -r "echo number_format(1e72, 0, '', ' ');"
999 999 999 999 999 600 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000


$ php -r "echo number_format(1e80, 3, '', ' ');"
$ php -r "echo number_format(1e80, 0, '', ' ');"
Segmentation fault

Expected result:
----------------
100 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000

1 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000


10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000.000

10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000

Actual result:
--------------
Bug 1: Wrong numbers, as shown above.
Bug 2: Nothing or a segfault, as shown above.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=27678&edit=1
