Commit 429f20e

marc-mabe authored and nielsdos committed
Prevent int overflow on $decimals in number_format
Closes GH-11714. Closes GH-11649.
1 parent ee3f932 commit 429f20e

2 files changed: +13 -7 lines changed

‎NEWS‎

Lines changed: 3 additions & 0 deletions
@@ -9,6 +9,9 @@ PHP NEWS
99
. Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
1010
opcache_get_status() / phpinfo() is wrong). (nielsdos)
1111

12+
- Standard:
13+
. Prevent int overflow on $decimals in number_format. (Marc Bennewitz)
14+
1215
03 Aug 2023, PHP 8.1.22
1316

1417
- Build:
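
Review bot: the new NEWS line under "- Standard:" does not cite the issues this commit closes, while the neighbouring entry uses the "Fixed bug GH-11715 (...)" form. Consider referencing GH-11714 and GH-11649 from the commit message in the entry so the changelog can be traced back to the reports.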

‎ext/standard/math.c‎

Lines changed: 10 additions & 7 deletions
@@ -283,15 +283,11 @@ PHP_FUNCTION(round)
283283
ZEND_PARSE_PARAMETERS_END();
284284

285285
if (ZEND_NUM_ARGS() >= 2) {
286-
#if SIZEOF_ZEND_LONG > SIZEOF_INT
287286
if (precision >= 0) {
288-
places = precision>INT_MAX ? INT_MAX : (int)precision;
287+
places = ZEND_LONG_INT_OVFL(precision) ? INT_MAX : (int)precision;
289288
} else {
290-
places = precision <= INT_MIN? INT_MIN+1 : (int)precision;
289+
places = ZEND_LONG_INT_UDFL(precision) ? INT_MIN : (int)precision;
291290
}
292-
#else
293-
places = precision;
294-
#endif
295291
}
296292

297293
switch (Z_TYPE_P(value)) {
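
Review bot: the negative branch now clamps to INT_MIN where the removed line clamped to INT_MIN+1 (`places = precision <= INT_MIN? INT_MIN+1 : (int)precision;`), and neither the commit message nor the NEWS entry mentions a change to round(). If the old +1 was there so that a later negation of places cannot overflow, this change brings that case back; please confirm how places is used downstream, or keep INT_MIN+1. Dropping the `#if SIZEOF_ZEND_LONG > SIZEOF_INT` guard also makes correctness on builds where the two types have equal width depend on ZEND_LONG_INT_OVFL and ZEND_LONG_INT_UDFL, whose definitions are not part of this diff.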
@@ -1136,6 +1132,7 @@ PHP_FUNCTION(number_format)
11361132
{
11371133
double num;
11381134
zend_long dec = 0;
1135+
int dec_int;
11391136
char *thousand_sep = NULL, *dec_point = NULL;
11401137
size_t thousand_sep_len = 0, dec_point_len = 0;
11411138

@@ -1156,7 +1153,13 @@ PHP_FUNCTION(number_format)
11561153
thousand_sep_len = 1;
11571154
}
11581155

1159-
RETURN_STR(_php_math_number_format_ex(num, (int)dec, dec_point, dec_point_len, thousand_sep, thousand_sep_len));
1156+
if (dec >= 0) {
1157+
dec_int = ZEND_LONG_INT_OVFL(dec) ? INT_MAX : (int)dec;
1158+
} else {
1159+
dec_int = ZEND_LONG_INT_UDFL(dec) ? INT_MIN : (int)dec;
1160+
}
1161+
1162+
RETURN_STR(_php_math_number_format_ex(num, dec_int, dec_point, dec_point_len, thousand_sep, thousand_sep_len));
11601163
}
11611164
/* }}} */
11621165
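
Review bot: the clamp added before the RETURN_STR call has no regression test; the commit changes only NEWS and ext/standard/math.c. A test calling number_format with PHP_INT_MAX and PHP_INT_MIN as $decimals would pin the behaviour on 64-bit builds. It is also worth checking that _php_math_number_format_ex handles dec_int values of INT_MAX and INT_MIN without arithmetic that can overflow, since the callee is not shown here. The if/else duplicates the block in round(); a small shared helper would keep the two clamps from drifting apart.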
