From 3e62aae1b456440328af4153524e22679b84f68a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gustavo=20Andr=C3=A9=20dos=20Santos=20Lopes?=
 <cataphract@php.net>
Date: Wed, 23 May 2012 10:56:57 +0200
Subject: [PATCH] Fix bug #62112: number_format() is not binary safe

The bug report actually urges PHP 5.3's behavior to be
reinstated -- that is, make "\0", when used as a separator,
be the same as no separator at all. I believe that is not a
proper course of action and that "\0" being interpreted as
no seperator was a bug in PHP 5.3.

Using "" for no separator, in both 5.3 and 5.4, before and
after this change, causes no separator to be used, so
there is no functionality loss.
---
 NEWS                                  |   1 +
 ext/standard/math.c                   |  20 ++++++++++++++++++--
 ext/standard/tests/math/bug62112.phpt | Bin 0 -> 143 bytes
 3 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 ext/standard/tests/math/bug62112.phpt

diff --git a/NEWS b/NEWS
index c8aa208905..326504fd72 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed missing bound check in iptcparse(). (chris at chiappa.net)
+  . Fixed bug #62112 (number_format() is not binary safe). (Gustavo)
   . Fixed bug #62005 (unexpected behavior when incrementally assigning to a 
     member of a null object). (Laruence)
   . Fixed bug #61998 (Using traits with method aliases appears to result in
diff --git a/ext/standard/math.c b/ext/standard/math.c
index 65187f6fa1..b3e8c6f086 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -1097,7 +1097,9 @@ PHPAPI char *_php_math_number_format(double d, int dec, char dec_point, char tho
 	return _php_math_number_format_ex(d, dec, &dec_point, 1, &thousand_sep, 1);
 }
 
-PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len)
+static char *_php_math_number_format_ex_len(double d, int dec, char *dec_point,
+		size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len,
+		int *result_len)
 {
 	char *tmpbuf = NULL, *resbuf;
 	char *s, *t;  /* source, target */
@@ -1205,8 +1207,19 @@ PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point, size
 
 	efree(tmpbuf);
 	
+	if (result_len) {
+		*result_len = reslen;
+	}
+
 	return resbuf;
 }
+
+PHPAPI char *_php_math_number_format_ex(double d, int dec, char *dec_point,
+		size_t dec_point_len, char *thousand_sep, size_t thousand_sep_len)
+{
+	return _php_math_number_format_ex_len(d, dec, dec_point, dec_point_len,
+			thousand_sep, thousand_sep_len, NULL);
+}
 /* }}} */
 
 /* {{{ proto string number_format(float number [, int num_decimal_places [, string dec_seperator, string thousands_seperator]])
@@ -1241,7 +1254,10 @@ PHP_FUNCTION(number_format)
 			thousand_sep_len = 1;
 		}
 
-		RETURN_STRING(_php_math_number_format_ex(num, dec, dec_point, dec_point_len, thousand_sep, thousand_sep_len), 0);
+		Z_TYPE_P(return_value) = IS_STRING;
+		Z_STRVAL_P(return_value) = _php_math_number_format_ex_len(num, dec,
+				dec_point, dec_point_len, thousand_sep, thousand_sep_len,
+				&Z_STRLEN_P(return_value));
 		break;
 	default:
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/tests/math/bug62112.phpt b/ext/standard/tests/math/bug62112.phpt
new file mode 100644
index 0000000000000000000000000000000000000000..01de35a9c558ea88295c5a65d75828087d3498d9
GIT binary patch
literal 143
zcmdPZ4RH+)(beU0Dos~VHZw9bG_q32E6q(xEs9UeFUn0U(a==LELO<NFHuO!%u6h)
zR47hNOXbqlb@TLb1?sc0FUTn1DoZSiPbtkU&_LB{q-Uz5V5Fm<6l0(SB-NEPHLZbK
dT_XZqok5lsmlS2@rE8dIDkvE-m>MW?0RZ!iC_(@L

literal 0
HcmV?d00001

-- 
2.50.1