From c2d3734e899cd457d04f5d6ed93f467ec23fdd01 Mon Sep 17 00:00:00 2001
From: divinity76 <hans@loltek.net>
Date: Sat, 21 Sep 2024 08:44:02 +0200
Subject: [PATCH] Fix GH-15964: printf() can strip sign of -INF

We need to cater to negative infinity explicitly.

Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>

Closes GH-15965.
---
 NEWS                           | 1 +
 ext/standard/formatted_print.c | 7 ++++---
 tests/strings/002.phpt         | 4 ++++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index 675d7dfd37a30..e572109d26714 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ PHP                                                                        NEWS
     skipLazyInitialization() may change initialized proxy). (Arnaud)
   . Fix is_zend_ptr() huge block comparison. (nielsdos)
   . Fixed potential OOB read in zend_dirname() on Windows. (cmb)
+  . Fixed bug GH-15964 (printf() can strip sign of -INF). (divinity76, cmb)
 
 - Curl:
   . Fix various memory leaks in curl mime handling. (nielsdos)
diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c
index ba0f73d9a9c22..8d8c09f443c04 100644
--- a/ext/standard/formatted_print.c
+++ b/ext/standard/formatted_print.c
@@ -246,9 +246,10 @@ php_sprintf_appenddouble(zend_string **buffer, size_t *pos,
 	}
 
 	if (zend_isinf(number)) {
-		is_negative = (number<0);
-		php_sprintf_appendstring(buffer, pos, "INF", 3, 0, padding,
-								 alignment, 3, is_negative, 0, always_sign);
+		is_negative = (number<0);		
+		char *str = is_negative ? "-INF" : "INF";
+		php_sprintf_appendstring(buffer, pos, str, strlen(str), 0, padding,
+								alignment, strlen(str), is_negative, 0, always_sign);
 		return;
 	}
 
diff --git a/tests/strings/002.phpt b/tests/strings/002.phpt
index 54630836b1632..6284e9bf5d339 100644
--- a/tests/strings/002.phpt
+++ b/tests/strings/002.phpt
@@ -44,6 +44,8 @@ try {
 } catch(\ValueError $e) {
     print('Error found: '.$e->getMessage()."\n");
 }
+printf("printf test 31:%.17g\n", INF);
+printf("printf test 32:%.17g\n", -INF);
 vprintf("vprintf test 1:%2\$-2d %1\$2d\n", array(1, 2));
 
 
@@ -83,4 +85,6 @@ printf test 27:3 1 2
 printf test 28:02  1
 printf test 29:2   1
 printf test 30:Error found: Argument number specifier must be greater than zero and less than 2147483647
+printf test 31:INF
+printf test 32:-INF
 vprintf test 1:2   1