From: Gustavo André dos Santos Lopes <cataphract@php.net>
Date: Wed, 23 May 2012 08:56:57 +0000 (+0200)
Subject: Fix bug #62112: number_format() is not binary safe
X-Git-Tag: php-5.4.4RC2~38^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3e62aae1b456440328af4153524e22679b84f68a;p=php

Fix bug #62112: number_format() is not binary safe

The bug report actually urges PHP 5.3's behavior to be
reinstated -- that is, make "\0", when used as a separator,
be the same as no separator at all. I believe that is not a
proper course of action and that "\0" being interpreted as
no seperator was a bug in PHP 5.3.

Using "" for no separator, in both 5.3 and 5.4, before and
after this change, causes no separator to be used, so
there is no functionality loss.
---

diff --git a/NEWS b/NEWS
index c8aa208905..326504fd72 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed missing bound check in iptcparse(). (chris at chiappa.net)
+  . Fixed bug #62112 (number_format() is not binary safe). (Gustavo)
   . Fixed bug #62005 (unexpected behavior when incrementally assigning to a 
     member of a null object). (Laruence)
   . Fixed bug #61998 (Using traits with method aliases appears to result in
diff --git a/ext/standard/math.c b/ext/standard/math.c
index 65187f6fa1..b3e8c6f086 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -1097,7 +1097,9 @@ PHPAPI char *_php_math_number_format(double d, int dec, char dec_point, char tho
 	return _php_math_number_format_ex(d, dec, &dec_point, 1, &thousand_sep, 1);
 }
 
-PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len)
+static char *_php_math_number_format_ex_len(double d, int dec, char *dec_point,
+		size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len,
+		int *result_len)
 {
 	char *tmpbuf = NULL, *resbuf;
 	char *s, *t;  /* source, target */
@@ -1205,8 +1207,19 @@ PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size
 
 	efree(tmpbuf);
 	
+	if (result_len) {
+		*result_len = reslen;
+	}
+
 	return resbuf;
 }
+
+PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point,
+		size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len)
+{
+	return _php_math_number_format_ex_len(d, dec, dec_point, dec_point_len,
+			thousand_sep, thousand_sep_len, NULL);
+}
 /* }}} */
 
 /* {{{ proto string number_format(float number [, int num_decimal_places [, string dec_seperator, string thousands_seperator]])
@@ -1241,7 +1254,10 @@ PHP_FUNCTION(number_format)
 			thousand_sep_len = 1;
 		}
 
-		RETURN_STRING(_php_math_number_format_ex(num, dec, dec_point, dec_point_len, thousand_sep, thousand_sep_len), 0);
+		Z_TYPE_P(return_value) = IS_STRING;
+		Z_STRVAL_P(return_value) = _php_math_number_format_ex_len(num, dec,
+				dec_point, dec_point_len, thousand_sep, thousand_sep_len,
+				&Z_STRLEN_P(return_value));
 		break;
 	default:
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/tests/math/bug62112.phpt b/ext/standard/tests/math/bug62112.phpt
new file mode 100644
index 0000000000..01de35a9c5
Binary files /dev/null and b/ext/standard/tests/math/bug62112.phpt differ