From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041103 Firefox/1.0RC2

Description of problem:
When using %f with printf/sprintf etc. on negative numbers, it is emitting a NULL at the end for some reason.

e.g. printf("'%0.2f'\n", -10.45);

results in '-10.45^@' (^@ being the NULL)

Positive numbers are fine. It's not in php 4.2.2, or php 4.3.9.

Wouldn't normally be an issue, as I would just run a later php.. but customer is running Enterprise, and wants to stick to "standard" RHEL issued RPMs for "support". Yukky workarounds ensue.

Version-Release number of selected component (if applicable):
php-4.3.2-14.ent

How reproducible:
Always

Steps to Reproduce:
1. see description
2.
3.

Additional info:
Thanks for the report.
Updated packages which include the fix for this issue are now available for download, *for test purposes only*, from the URL:

http://people.redhat.com/jorton/Taroon-php/

The following changes are included in these packages:

- add security fixes from upstream (#141132, #142056):
  * various unserializer fixes; updated to 4.3.10 code (CAN-2004-1019)
  * add fix for exif buffer overflow (CAN-2004-1065)
- shmop_write bounds checking and pack/unpack integer overflows (assigned CAN-2004-1018; only impact for malicious scripts)
- fix trailing NUL from printf in some cases (#138250)
- BuildRequire libtool (#137720)
The fix for this bug was included in the following erratum: http://rhn.redhat.com/errata/RHSA-2004-687.html