php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45866 decimal values fed to DateTime->modify() causes long execution times
Submitted: 2008-08-20 03:58 UTC Modified: 2009-07-29 17:40 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: jsnell at e-normous dot com Assigned: derick
Status: Closed Package: Date/time related
PHP Version: 5CVS, 6CVS (2008-11-11) OS: *
Private report: No CVE-ID:
 [2008-08-20 03:58 UTC] jsnell at e-normous dot com
Description:
------------
Feeding a decimal value to DateTime's modify() function can cause very 
long execution times because the decimal point is ignored.

Reproduced on the php5.3-200808200230 snapshot. 





Reproduce code:
---------------
$date = new DateTime(); 
$date->modify("+1.61538461538 day"); 

Expected result:
----------------
A warning or exception, or perhaps 1 day + 0.61538461538*24 hours added.

Actual result:
--------------
after 32 seconds of execution, 161538461538 days are added to the date

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-11 10:47 UTC] jani@php.net
Happens in all branches.
 [2009-07-29 17:40 UTC] derick@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

The algorithm has been optimized some time ago, it's much faster now for these large values. The result is *also* correct as the given string is parsed as:

"+1" (timezone offset)
"."  (ignored by default)
"61538461538 day" (the jump forwards)

I have a patch that adds warnings for *broken* strings though, but this breaks a few already existing tests: http://files.derickrethans.nl/patches/php-date-modify-warnings-2009-07-29.diff.txt
Closing this report.
 [2010-02-10 16:23 UTC] svn@php.net
Automatic comment from SVN on behalf of derick
Revision: http://svn.php.net/viewvc/?view=revision&revision=294854
Log: - Added a test case for bug #45866
- Fixed tests: oo_002, bug46268
- Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc
  versions).
- Make sure faulty strings passed to DateTime::modify() notify the user.
- Revert fix for bug #50392 as it was fixed wrongly without a proper test case.
- Fixed a bug with the 'r' formatting function as the default buffer size that
  was allocated only fit 4 digit years.
 [2010-02-11 11:11 UTC] svn@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=294880
Log: - merge fix for: #45866,#50930, revert fix for #50392, Fixed a bug with the 'r' formatting function, added or fixed tests for #45866 and #46268
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 14:02:33 2014 UTC