From 786bd88158e8243214f80455785d1456a301a567 Mon Sep 17 00:00:00 2001
From: Reeze Xia
Date: Tue, 17 Jul 2012 23:01:20 +0800
Subject: [PATCH] Fix test fails: ext/standard/tests/general_functions/bug27678.phpt

After commit 3e62aae1, number_format() returns string with length, but _php_math_number_format_ex_len() didn't set string length on nan and inf. This cause segfault when destruct the return value.
---
 ext/standard/math.c | 4 ++++
 ext/standard/tests/general_functions/bug27678.phpt | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ext/standard/math.c b/ext/standard/math.c
index b3e8c6f086c0e..6e934a3857a7c 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -1120,6 +1120,10 @@ static char *_php_math_number_format_ex_len(double d, int dec, char *dec_point,
 tmplen = spprintf(&tmpbuf, 0, "%.*F", dec, d);
 if (tmpbuf == NULL || !isdigit((int)tmpbuf[0])) {
+ if (result_len) {
+ *result_len = tmplen;
+ }
+
 return tmpbuf;
 }
diff --git a/ext/standard/tests/general_functions/bug27678.phpt b/ext/standard/tests/general_functions/bug27678.phpt
index 5db5890a1ce5b..6f95509e14efe 100644
--- a/ext/standard/tests/general_functions/bug27678.phpt
+++ b/ext/standard/tests/general_functions/bug27678.phpt
@@ -6,9 +6,11 @@ Bug #27678 (number_format() crashes with large numbers)
 number_format(1e80, 0, '', ' ');
 number_format(1e300, 0, '', ' ');
 number_format(1e320, 0, '', ' ');
-number_format(1e1000, 0, '', ' ');
+$num = number_format(1e1000, 0, '', ' ');
+var_dump(strlen($num) == 3); // $num == 'inf'
 echo "Done\n";
 ?>
 --EXPECT--
+bool(true)
 Done
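Review bot: The added assignment at the early return stores `tmplen` in `*result_len` even on the `tmpbuf == NULL` side of the condition, so if spprintf() can leave the buffer NULL the caller gets a NULL pointer paired with a possibly non-zero length, the same kind of pointer/length mismatch behind the crash on destruction. `*result_len = tmpbuf ? tmplen : 0;` keeps the two consistent. The underlying problem was an out-parameter left unset on one exit path; the rest of _php_math_number_format_ex_len lies outside this hunk, so its other returns cannot be checked from here. An `if (result_len) *result_len = 0;` at function entry would cover any path that is still missed.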
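Review bot: The new assertion covers only the infinity case (`1e1000`), while the commit message says the length was also unset for NaN, which presumably takes the same early return. A second check such as `var_dump(strlen(number_format(NAN, 0, '', ' ')) == 3);` with a matching `bool(true)` line under `--EXPECT--` would pin that path too, assuming NaN also formats to a three-character string on the tested platforms.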