Prevent int overflow on $decimals in number_format for PHP < 8.3 #11714
Conversation
ext/standard/math.c
Outdated
| @@ -1156,7 +1157,17 @@ PHP_FUNCTION(number_format) | |||
| thousand_sep_len = 1; | |||
| } | |||
|
|
|||
| RETURN_STR(_php_math_number_format_ex(num, (int)dec, dec_point, dec_point_len, thousand_sep, thousand_sep_len)); | |||
| #if SIZEOF_ZEND_LONG > SIZEOF_INT | |||
There was a problem hiding this comment.
You can use ZEND_LONG_INT_OVFL & ZEND_LONG_INT_UDFL which will allow you to avoid this #if and make the code a bit cleaner. These macros will resolve to false if zend_long and int are the same size.
There's also ZEND_LONG_EXCEEDS_INT, but that's unusable here because you still want to set dec_int to a sane value.
There was a problem hiding this comment.
This looks logical to me and seems to work right. If no more comments of other reviewers arrive I'll go ahead and merge.
I think this also needs to be applied to 8.1 though, but no need to change the target branch as this will require manual merging anyway and I can deal with it.
I understand the issues with the test you listed in #11649. Upon merging into 8.3 I can take your tests from that other PR.
This is a follow-up PR for #11649 targeting 8.2
As #11487 is available in 8.3 only and a positive
$decimalswill most probably end up in OOM error ... I don't have a good idea how to test this