php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49585 date_format buffer not long enough for >4 digit years
Submitted: 2009-09-18 08:49 UTC Modified: 2010-02-10 16:56 UTC
From: aharvey@php.net Assigned: derick (profile)
Status: Closed Package: Date/time related
PHP Version: 5.3SVN-2009-09-18 (SVN) OS: Linux (Ubuntu 9.04)
Private report: No CVE-ID: None
 [2009-09-18 08:49 UTC] aharvey@php.net
Description:
------------
The buffer allocated within date_format() isn't long enough for RFC 2822 formatted dates (format string 'r') when the year requires five or more characters to be represented, which causes the output to be truncated. ISO 8601 dates ('c') are also affected, but only in the absolute extreme case, as demonstrated below.

The na?ve approach is obviously to extend the buffer size, and the patch (against the current PHP_5_3 checkout) at http://www.adamharvey.name/stuff/date-format-buffer.patch extends it far enough to cover all possible contingencies on common platforms -- since date_format() casts the year to a signed int when it calls slprintf(), the longest possible value that needs to be catered for in the year field is -2147483648 on any platform where int is 32 bit, which is pretty much all of them.

Reproduce code:
---------------
<?php
$date = new DateTime('-1500-01-01');
var_dump($date->format('r'));

$date->setDate(pow(2, 31), 1, 1);
var_dump($date->format('r'));
var_dump($date->format('c'));
?>

Expected result:
----------------
string(32) "Sat, 01 Jan -1500 00:00:00 +0800"
string(38) "Wed, 01 Jan -2147483648 00:00:00 +0800"
string(32) "-2147483648-01-01T00:00:00+08:00"

Actual result:
--------------
string(31) "Sat, 01 Jan -1500 00:00:00 +080"
string(31) "Wed, 01 Jan -2147483648 00:00:0"
string(31) "-2147483648-01-01T00:00:00+08:0"

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-18 09:00 UTC] derick@php.net
Actually, 64bit machines are getting pretty much common, so could you please update your patch?
 [2009-09-18 09:01 UTC] derick@php.net
Oh, and a few phpt test cases would be awesome too :-)
 [2009-09-18 09:09 UTC] aharvey@php.net
Actually, I'm running a 64 bit machine anyway; the point is that the explicit (int) cast will be 32 bit regardless on an LP64 or LLP64 architecture. Nevertheless, a patch that can definitely handle 64 bit ints is at http://www.adamharvey.name/stuff/date-format-buffer-64.patch.
 [2009-09-18 09:10 UTC] aharvey@php.net
By which I mean http://www.adamharvey.name/stuff/date-format-buffer-64.patch -- the PHP bug tracker's autolinking picked up the full stop. :)
 [2009-09-18 09:28 UTC] aharvey@php.net
Gah, just found another corner case while writing the PHPT case. The "short" day name used by 'r' may not actually be three characters in all cases -- 'Unknown' can be returned. Ergo, we need another four characters.

Revised patch: http://www.adamharvey.name/stuff/date-format-buffer-64-revised.patch
PHPT test case: http://www.adamharvey.name/stuff/bug49585.phpt
 [2010-02-10 16:55 UTC] svn@php.net
Automatic comment from SVN on behalf of derick
Revision: http://svn.php.net/viewvc/?view=revision&revision=294855
Log: - Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
#- Was already partly fixed with my previous commit.
 [2010-02-10 16:56 UTC] derick@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-02-11 11:02 UTC] svn@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=294878
Log: - Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Mon Dec 17 03:01:26 2018 UTC