Fix bug #62112: number_format() is not binary safe

The bug report actually urges PHP 5.3's behavior to be
reinstated -- that is, make "\0", when used as a separator,
be the same as no separator at all. I believe that is not a
proper course of action and that "\0" being interpreted as
no seperator was a bug in PHP 5.3.

Using "" for no separator, in both 5.3 and 5.4, before and
after this change, causes no separator to be used, so
there is no functionality loss.

diff --git a/NEWS b/NEWS
index c8aa2089057aeadd8b48fb2d78078c48b9c78b82..326504fd72a3d7ddb84446296c16e4307d483075 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed missing bound check in iptcparse(). (chris at chiappa.net)
+  . Fixed bug #62112 (number_format() is not binary safe). (Gustavo)
   . Fixed bug #62005 (unexpected behavior when incrementally assigning to a 
     member of a null object). (Laruence)
   . Fixed bug #61998 (Using traits with method aliases appears to result in

diff --git a/ext/standard/math.c b/ext/standard/math.c
index 65187f6fa10f32832c23359eae2a12f9a3516c34..b3e8c6f086c0ef81ef3a84c17749a0c65afa6e40 100644 (file)
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -1097,7 +1097,9 @@ PHPAPI char *_php_math_number_format(double d, int dec, char dec_point, char tho
        return _php_math_number_format_ex(d, dec, &dec_point, 1, &thousand_sep, 1);
 }
 
-PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len)
+static char *_php_math_number_format_ex_len(double d, int dec, char *dec_point,
+               size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len,
+               int *result_len)
 {
        char *tmpbuf = NULL, *resbuf;
        char *s, *t;  /* source, target */
@@ -1205,8 +1207,19 @@ PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size
 
        efree(tmpbuf);
        
+       if (result_len) {
+               *result_len = reslen;
+       }
+
        return resbuf;
 }
+
+PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point,
+               size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len)
+{
+       return _php_math_number_format_ex_len(d, dec, dec_point, dec_point_len,
+                       thousand_sep, thousand_sep_len, NULL);
+}
 /* }}} */
 
 /* {{{ proto string number_format(float number [, int num_decimal_places [, string dec_seperator, string thousands_seperator]])
@@ -1241,7 +1254,10 @@ PHP_FUNCTION(number_format)
                        thousand_sep_len = 1;
                }
 
-               RETURN_STRING(_php_math_number_format_ex(num, dec, dec_point, dec_point_len, thousand_sep, thousand_sep_len), 0);
+               Z_TYPE_P(return_value) = IS_STRING;
+               Z_STRVAL_P(return_value) = _php_math_number_format_ex_len(num, dec,
+                               dec_point, dec_point_len, thousand_sep, thousand_sep_len,
+                               &Z_STRLEN_P(return_value));
                break;
        default:
                WRONG_PARAM_COUNT;

diff --git a/ext/standard/tests/math/bug62112.phpt b/ext/standard/tests/math/bug62112.phpt
new file mode 100644 (file)
index 0000000..01de35a
Binary files /dev/null and b/ext/standard/tests/math/bug62112.phpt differ