|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66183 Converting large strings to floats
Submitted: 2013-11-27 14:17 UTC Modified: 2015-08-28 18:18 UTC
From: aatallah at stanford dot edu Assigned: nikic (profile)
Status: Closed Package: Strings related
PHP Version: Irrelevant OS: Mac OS X 10.9
Private report: No CVE-ID: 2013-4164
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: aatallah at stanford dot edu
New email:
PHP Version: OS:


 [2013-11-27 14:17 UTC] aatallah at stanford dot edu
I'm using PHP 5.4.17 (cli) (built: Aug 25 2013 02:03:38), the default shipped by Apple now.

See the test script. When a string-representation of a decimal is large enough, converting it to a float causes "Fatal error: Balloc() allocation exceeds list boundary in php shell code on line 1" and terminates the script. This is similar to Ruby's bug, publicized at

Ruby fixed this by avoiding the Bigint freelist in Balloc; perhaps PHP should do something better than having a hard cutoff for k in Balloc.

Test script:
echo floatval("1.".str_repeat("1", 300000));

Expected result:
1.1111111111111, which is the output of echo floatval("1.".str_repeat("1", 300));

Actual result:
Fatal error: Balloc() allocation exceeds list boundary in php shell code on line 1


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-12-12 05:27 UTC]
-Type: Bug +Type: Security -Private report: No +Private report: Yes
 [2013-12-12 05:28 UTC]
-CVE-ID: +CVE-ID: 2013-4164
 [2013-12-12 05:29 UTC]
-Type: Security +Type: Bug
 [2013-12-12 05:29 UTC]
hmm, misunderstood, this is not a security bug for php
 [2015-08-28 18:18 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2015-08-28 18:18 UTC]
This has been fixed in PHP 7 as part of the strtod update.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Jun 08 05:03:37 2023 UTC