Bug #6192 printf(): right aligned zero padded negative numbers wrongly zero terminated
Submitted: 2000-08-16 06:57 UTC
Modified: 2000-08-16 10:13 UTC
From: dq at altern dot org
Assigned:
Status: Closed
Package: Misbehaving function
PHP Version: 4.0.1pl2
OS: Windows NT
Private report: No
CVE-ID: None
 [2000-08-16 06:57 UTC] dq at altern dot org
An unneeded zero "\0" is inserted after a right aligned zero padded negative number,
as can be seen with the following examples:

  printf("number='%5d'\n",-321);
  // works as expected: number=' -321'
  printf("number='%5f'\n",-321.0123456789);
  // works as expected: number=' -321.012346'
  printf("number='%05d'\n",-321);
  // a \0 is inserted between 1 and closing quote :-(
  printf("number='%05f'\n",-321.0123456789);
  // a \0 is inserted between 6 and closing quote :-(

The bug is IMO in the function php_sprintf_appendstring() in the source
.../ext/standard/formatted_print.c

In the following code fragment of the PHP sources, only the "len" variable is decremented
when a negative number is encountered.

  if (alignment == ALIGN_RIGHT) {
    if (sign && padding=='0') { (*buffer)[(*pos)++] = '-'; add++; len--; }

If "max_width" is also decremented next to "len", then this bug is squashed :-)

  if (alignment == ALIGN_RIGHT) {
    if (sign && padding=='0') { (*buffer)[(*pos)++] = '-'; add++; len--; max_width--; }

Kind regards,
DQ
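
A simplified C model of the length mismatch described in the report above, added here as an illustration; it is not PHP's formatted_print.c and not the reporter's code. It assumes the final copy writes max_width bytes, and the names append_right and embedded_nuls are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a right-aligned append step; not PHP's source.
 * Assumption: the final copy writes max_width bytes, and max_width starts
 * out equal to the length of the formatted number, sign included. */
static size_t append_right(char *buf, const char *add, size_t min_width,
                           char padding, int fixed)
{
    size_t pos = 0, len = strlen(add), max_width = len;
    size_t npad = (min_width > len) ? min_width - len : 0;
    int sign = (add[0] == '-');

    if (sign && padding == '0') {
        buf[pos++] = '-';          /* sign is emitted before the zero padding */
        add++;
        len--;
        if (fixed)
            max_width--;           /* the change proposed in the report */
    }
    for (; npad > 0; npad--)
        buf[pos++] = padding;

    /* With max_width one larger than the remaining digits, the source
     * string's terminating NUL is copied and counted as output. */
    memcpy(buf + pos, add, max_width);
    return pos + max_width;        /* bytes the caller would print */
}

/* Number of NUL bytes inside the first n output bytes. */
static size_t embedded_nuls(const char *buf, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (buf[i] == '\0');
    return count;
}

int main(void)
{
    char buf[32];
    for (int fixed = 0; fixed <= 1; fixed++) {
        size_t n = append_right(buf, "-321", 5, '0', fixed);  /* "%05d" */
        printf("fixed=%d bytes=%zu embedded NULs=%zu\n",
               fixed, n, embedded_nuls(buf, n));
    }
    return 0;
}
```

Checking formatted output for embedded NUL bytes, as embedded_nuls does, is a cheap regression test for this class of bug, since C string APIs downstream would silently truncate at that byte.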

 [2000-08-16 07:24 UTC] stas@php.net
Please try latest CVS - since I can't reproduce it, I guess my recent changes fixed that too.
 [2000-08-16 10:13 UTC] dq at altern dot org
Yes, this is fixed. Was already fixed some time ago, as I wasn't following CVS (up to now).

Thanks
 