php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49585 date_format buffer not long enough for >4 digit years
Submitted: 2009-09-18 08:49 UTC Modified: 2010-02-10 16:56 UTC
From: [email protected] Assigned: derick (profile)
Status: Closed Package: Date/time related
PHP Version: 5.3SVN-2009-09-18 (SVN) OS: Linux (Ubuntu 9.04)
Private report: No CVE-ID: None
 [2009-09-18 08:49 UTC] [email protected]
Description:
------------
The buffer allocated within date_format() isn't long enough for RFC 2822 formatted dates (format string 'r') when the year requires five or more characters to be represented, which causes the output to be truncated. ISO 8601 dates ('c') are also affected, but only in the absolute extreme case, as demonstrated below.

The na?ve approach is obviously to extend the buffer size, and the patch (against the current PHP_5_3 checkout) at http://www.adamharvey.name/stuff/date-format-buffer.patch extends it far enough to cover all possible contingencies on common platforms -- since date_format() casts the year to a signed int when it calls slprintf(), the longest possible value that needs to be catered for in the year field is -2147483648 on any platform where int is 32 bit, which is pretty much all of them.

Reproduce code:
---------------
<?php
$date = new DateTime('-1500-01-01');
var_dump($date->format('r'));

$date->setDate(pow(2, 31), 1, 1);
var_dump($date->format('r'));
var_dump($date->format('c'));
?>

Expected result:
----------------
string(32) "Sat, 01 Jan -1500 00:00:00 +0800"
string(38) "Wed, 01 Jan -2147483648 00:00:00 +0800"
string(32) "-2147483648-01-01T00:00:00+08:00"

Actual result:
--------------
string(31) "Sat, 01 Jan -1500 00:00:00 +080"
string(31) "Wed, 01 Jan -2147483648 00:00:0"
string(31) "-2147483648-01-01T00:00:00+08:0"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-18 09:00 UTC] [email protected]
Actually, 64bit machines are getting pretty much common, so could you please update your patch?
 [2009-09-18 09:01 UTC] [email protected]
Oh, and a few phpt test cases would be awesome too :-)
 [2009-09-18 09:09 UTC] [email protected]
Actually, I'm running a 64 bit machine anyway; the point is that the explicit (int) cast will be 32 bit regardless on an LP64 or LLP64 architecture. Nevertheless, a patch that can definitely handle 64 bit ints is at http://www.adamharvey.name/stuff/date-format-buffer-64.patch.
 [2009-09-18 09:10 UTC] [email protected]
By which I mean http://www.adamharvey.name/stuff/date-format-buffer-64.patch -- the PHP bug tracker's autolinking picked up the full stop. :)
 [2009-09-18 09:28 UTC] [email protected]
Gah, just found another corner case while writing the PHPT case. The "short" day name used by 'r' may not actually be three characters in all cases -- 'Unknown' can be returned. Ergo, we need another four characters.

Revised patch: http://www.adamharvey.name/stuff/date-format-buffer-64-revised.patch
PHPT test case: http://www.adamharvey.name/stuff/bug49585.phpt
 [2010-02-10 16:55 UTC] [email protected]
Automatic comment from SVN on behalf of derick
Revision: http://svn.php.net/viewvc/?view=revision&revision=294855
Log: - Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
#- Was already partly fixed with my previous commit.
 [2010-02-10 16:56 UTC] [email protected]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-02-11 11:02 UTC] [email protected]
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=294878
Log: - Fixed bug #49585 (date_format buffer not long enough for >4 digit years).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Thu Jun 12 10:01:26 2025 UTC