ID:               27678
 Updated by:       [EMAIL PROTECTED]
 Reported By:      morten_odegaard at broadpark dot no
-Status:           Open
+Status:           Verified
-Bug Type:         Reproducible crash
+Bug Type:         Math related
-Operating System: Linux (redhat 7.3)
+Operating System: Linux (redhat 7.3, 9)
-PHP Version:      4.3.8
+PHP Version:      4CVS, 5CVS (2004-12-12)
 New Comment:
(gdb) run -r "echo number_format(1e80, 3, '', ' ');"
Starting program: /www/php-modules/bin/php -r "echo number_format(1e80, 3, '', ' ');"
[New Thread 1087948032 (LWP 31942)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1087948032 (LWP 31942)]
0x4207c0ad in memmove () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4207c0ad in memmove () from /lib/tls/libc.so.6
#1  0xbfffd8e8 in ?? ()
#2  0x08259347 in ap_php_cvt (arg=Cannot access memory at address 0xffffffef
) at /usr/src/web/php/php4/main/snprintf.c:294
Cannot access memory at address 0xffffffff


Previous Comments:
------------------------------------------------------------------------

[2004-08-22 23:35:21] morten_odegaard at broadpark dot no

Well, it's now 4.3.8, and the bug still exists, even on 5.*

------------------------------------------------------------------------

[2004-03-24 14:27:01] morten_odegaard at broadpark dot no

Description:
------------
number_format() seems to be having problems with large numbers. I've
found two different bugs, where one can segfault Apache. They are
tested on both 4.3.4 and 5.0RC1 on Linux, and 4.3.4 on Windows. Bugs
happen in all of them.

-- Calling the function on numbers higher than (and including) 1e71,
it will display a wrong result. Some numbers will have one 0 replaced
with a 7, while some will be a digit too short, but be very close to
the number it is supposed to show.

-- When calling number_format() on numbers bigger than (and including)
1e80, it will either return nothing or crash, depending on the
'decimals' parameter. If 'decimals' is bigger than 0, then it will
return nothing. If 'decimals' is lower than 1, Apache will segfault.
Reproduce code:
---------------
$ php -r "echo number_format(1e71, 0, '', ' ');"
100 000 000 000 000 070 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

$ php -r "echo number_format(1e72, 0, '', ' ');"
999 999 999 999 999 600 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

$ php -r "echo number_format(1e80, 3, '', ' ');"

$ php -r "echo number_format(1e80, 0, '', ' ');"
Segmentation fault

Expected result:
----------------
100 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
1 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000.000
10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

Actual result:
--------------
Bug 1: Wrong numbers, as shown above.
Bug 2: Nothing or a segfault, as shown above.

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=27678&edit=1
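The backtrace above dies in memmove() under ap_php_cvt(), the double-to-digits routine in main/snprintf.c, once the integer part of the value runs to 80-odd digits. The C program below is an added example, not PHP's code and not the fix that eventually went into the tree: it shows the shape a bounded number_format()-style formatter takes, with the digit expansion length-checked via the return value of snprintf() and every write into the caller's buffer checked against its size, so an oversized value is refused with -1 instead of overrunning memory. The function names format_grouped, formats_to and grouped_length, the 400-byte digit buffer and the 50-decimal cap are assumptions made for this example; the sample inputs (1e71 and 1e80 with a space separator) are taken from the report.

```c
#include <math.h>
#include <stdio.h>
#include <string.h>

/*
 * Bounded number_format()-style formatter (illustrative; not PHP's code).
 * Argument order mirrors PHP: value, decimals, decimal point, thousands sep.
 * Returns the length written, or -1 if the value is not finite, the digit
 * expansion does not fit the internal buffer, or the output does not fit out.
 */
int format_grouped(double value, int decimals, const char *dec_point,
                   const char *thousands_sep, char *out, size_t outlen)
{
    /* DBL_MAX has 309 integer digits; 400 covers that plus 50 decimals,
       a sign and a point. The length check below is what matters. */
    char digits[400];
    size_t o = 0;

    if (outlen == 0) return -1;
    out[0] = '\0';
    if (!isfinite(value) || decimals < 0 || decimals > 50) return -1;

    /* snprintf() returns the length it wanted to write; a value >= the
       buffer size means truncation, so refuse instead of continuing with
       a partial digit string. */
    int n = snprintf(digits, sizeof digits, "%.*f", decimals, value);
    if (n < 0 || (size_t)n >= sizeof digits) return -1;

    const char *p = digits;
    if (*p == '-') {
        if (o + 1 >= outlen) goto too_small;
        out[o++] = '-';
        p++;
    }

    const char *dot = strchr(p, '.');
    size_t intlen = dot ? (size_t)(dot - p) : strlen(p);
    size_t seplen = strlen(thousands_sep);

    /* Integer part: a separator goes before each digit whose distance from
       the right end is a multiple of 3, except at the very start. */
    for (size_t i = 0; i < intlen; i++) {
        if (i > 0 && (intlen - i) % 3 == 0) {
            if (o + seplen >= outlen) goto too_small;
            memcpy(out + o, thousands_sep, seplen);
            o += seplen;
        }
        if (o + 1 >= outlen) goto too_small;
        out[o++] = p[i];
    }

    /* Fraction part, if any: decimal point string, then the digits. */
    if (dot) {
        size_t dplen = strlen(dec_point), fraclen = strlen(dot + 1);
        if (o + dplen + fraclen >= outlen) goto too_small;
        memcpy(out + o, dec_point, dplen);
        o += dplen;
        memcpy(out + o, dot + 1, fraclen);
        o += fraclen;
    }

    out[o] = '\0';
    return (int)o;

too_small:
    out[0] = '\0';   /* never leave a partial, unterminated result behind */
    return -1;
}

/* Check helper: format into a local buffer and compare with expected. */
int formats_to(double value, int decimals, const char *dec_point,
               const char *thousands_sep, const char *expected)
{
    char buf[256];
    int n = format_grouped(value, decimals, dec_point, thousands_sep, buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected) && strcmp(buf, expected) == 0;
}

/* Length produced into a buffer of the given size (max 256), or -1 if refused. */
int grouped_length(double value, int decimals, size_t outlen)
{
    char buf[256];
    if (outlen > sizeof buf) outlen = sizeof buf;
    return format_grouped(value, decimals, "", " ", buf, outlen);
}

int main(void)
{
    /* Constructed inputs from the report: 1e71 and 1e80, space separator. */
    char buf[256];
    double samples[] = { 1e71, 1e80 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = format_grouped(samples[i], 0, "", " ", buf, sizeof buf);
        printf("%g -> %d chars: %s\n", samples[i], len, len < 0 ? "(refused)" : buf);
    }
    printf("1e80 into 32 bytes -> %d\n", grouped_length(1e80, 0, 32));
    return 0;
}
```

Note that the digit strings printed for 1e71 and 1e80 are the exact decimal expansions of the nearest doubles, which is why a correct implementation does not reproduce the reporter's round "100 000 ... 000" expected lines either; the point of the example is that a value with more digits than the destination can hold is reported, not silently truncated or written past the end of a buffer.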