|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #6192 printf(): right aligned zero padded negative numbers wrongly zero terminated
Submitted: 2000-08-16 06:57 UTC Modified: 2000-08-16 10:13 UTC
From: dq at altern dot org Assigned:
Status: Closed Package: Misbehaving function
PHP Version: 4.0.1pl2 OS: Windows NT
Private report: No CVE-ID: None
 [2000-08-16 06:57 UTC] dq at altern dot org
An unneeded zero "\0" is inserted after a right aligned zero padded negative number,
as can be seen with following examples:

  // works as expected: number=' -321'
  // works as expected: number=' -321.012346'
  // a \0 is inserted between 1 and closing quote :-(
  // a \0 is inserted between 6 and closing quote :-(

The bug is IMO in the function php_sprintf_appendstring() in the source

In the following code fragment of the PHP sources, only the "len" variable is decremented
when a negative number is encountered.

  if (alignment == ALIGN_RIGHT) {
    if (sign && padding=='0') { (*buffer)[(*pos)++] = '-'; add++; len--; }

If "max_width" is also decremented next to "len", then this bug is squashed :-)

  if (alignment == ALIGN_RIGHT) {
    if (sign && padding=='0') { (*buffer)[(*pos)++] = '-'; add++; len--; max_width--; }

Kind regards,


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-08-16 07:24 UTC]
Please try latest CVS - since I can't reproduce it, I guess my recent changes fixed that too.
 [2000-08-16 10:13 UTC] dq at altern dot org
Yes, this is fixed. Was already fixed some time ago, as I wasn't following CVS (up to now).

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Sep 23 12:01:27 2023 UTC