Open YuanchengJiang opened 2 weeks ago
Likely same root cause as https://github.com/php/php-src/issues/16262
Simplified reproducer:
bcdiv("-0.01", -12.3456789000e10, 9);
No, slightly different cause than #16262.
The problem here is that `quot_real_arr_size` is 0, so the loop `for (i = 0; i < quot_real_arr_size - 1; i++) {` goes OOB.
However, the loop must write bytes because otherwise the numbers in bc_num are uninitialized.
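The loop-bound problem described in the comment above, as an added C example that is not php-src code. It assumes the size variable is an unsigned `size_t`; `expand_words`, `unguarded_iterations`, `DIGITS_PER_WORD` and the sample values are hypothetical names and data constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGITS_PER_WORD 4 /* hypothetical word width for this sketch */

/* Iteration count implied by `i < n - 1` when n is size_t: wraps at n == 0. */
size_t unguarded_iterations(size_t n) { return n - 1; }

/*
 * Expand every word except the last into decimal digit bytes.
 * Returns digits written, or (size_t)-1 if out is too small.
 * out is zero-filled first, so an empty input still leaves it initialized.
 */
size_t expand_words(const uint32_t *words, size_t n,
                    unsigned char *out, size_t out_len)
{
    size_t full = (n > 0) ? n - 1 : 0; /* guard before subtracting */
    size_t pos = 0;

    if (full > out_len / DIGITS_PER_WORD)
        return (size_t)-1;
    memset(out, 0, out_len);

    for (size_t i = 0; i < full; i++) {
        uint32_t w = words[i];
        for (int d = DIGITS_PER_WORD - 1; d >= 0; d--) {
            out[pos + d] = (unsigned char)(w % 10);
            w /= 10;
        }
        pos += DIGITS_PER_WORD;
    }
    return pos;
}

int main(void)
{
    const uint32_t words[3] = {1234, 56, 999}; /* constructed sample */
    unsigned char out[8];

    printf("unguarded bound for n=0: %zu\n", unguarded_iterations(0));
    printf("guarded, n=0: %zu digits\n", expand_words(words, 0, out, sizeof out));
    printf("guarded, n=3: %zu digits\n", expand_words(words, 3, out, sizeof out));
    return 0;
}
```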
Description
The following code:
Resulted in this output:
PHP Version
PHP 8.4.0-dev
Operating System
ubuntu 22.04