|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49585 date_format buffer not long enough for >4 digit years
Submitted: 2009-09-18 08:49 UTC Modified: 2010-02-10 16:56 UTC
From: Assigned: derick (profile)
Status: Closed Package: Date/time related
PHP Version: 5.3SVN-2009-09-18 (SVN) OS: Linux (Ubuntu 9.04)
Private report: No CVE-ID: None
 [2009-09-18 08:49 UTC]
The buffer allocated within date_format() isn't long enough for RFC 2822 formatted dates (format string 'r') when the year requires five or more characters to be represented, which causes the output to be truncated. ISO 8601 dates ('c') are also affected, but only in the absolute extreme case, as demonstrated below.

The na?ve approach is obviously to extend the buffer size, and the patch (against the current PHP_5_3 checkout) at extends it far enough to cover all possible contingencies on common platforms -- since date_format() casts the year to a signed int when it calls slprintf(), the longest possible value that needs to be catered for in the year field is -2147483648 on any platform where int is 32 bit, which is pretty much all of them.

Reproduce code:
$date = new DateTime('-1500-01-01');

$date->setDate(pow(2, 31), 1, 1);

Expected result:
string(32) "Sat, 01 Jan -1500 00:00:00 +0800"
string(38) "Wed, 01 Jan -2147483648 00:00:00 +0800"
string(32) "-2147483648-01-01T00:00:00+08:00"

Actual result:
string(31) "Sat, 01 Jan -1500 00:00:00 +080"
string(31) "Wed, 01 Jan -2147483648 00:00:0"
string(31) "-2147483648-01-01T00:00:00+08:0"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-18 09:00 UTC]
Actually, 64bit machines are getting pretty much common, so could you please update your patch?
 [2009-09-18 09:01 UTC]
Oh, and a few phpt test cases would be awesome too :-)
 [2009-09-18 09:09 UTC]
Actually, I'm running a 64 bit machine anyway; the point is that the explicit (int) cast will be 32 bit regardless on an LP64 or LLP64 architecture. Nevertheless, a patch that can definitely handle 64 bit ints is at
 [2009-09-18 09:10 UTC]
By which I mean -- the PHP bug tracker's autolinking picked up the full stop. :)
 [2009-09-18 09:28 UTC]
Gah, just found another corner case while writing the PHPT case. The "short" day name used by 'r' may not actually be three characters in all cases -- 'Unknown' can be returned. Ergo, we need another four characters.

Revised patch:
PHPT test case:
 [2010-02-10 16:55 UTC]
Automatic comment from SVN on behalf of derick
Log: - Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
#- Was already partly fixed with my previous commit.
 [2010-02-10 16:56 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2010-02-11 11:02 UTC]
Automatic comment from SVN on behalf of pajoye
Log: - Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Feb 27 04:01:32 2024 UTC