PHP :: Bug #60801 :: strpbrk() mishandles NUL byte

Bug #60801	strpbrk() mishandles NUL byte
Submitted:	2012-01-19 09:37 UTC	Modified:	2012-03-02 03:36 UTC
From:	dexen dot devries at gmail dot com	Assigned:	aharvey (profile)
Status:	Closed	Package:	Strings related
PHP Version:	5.3.9	OS:
Private report:	No	CVE-ID:	None

[2012-01-19 09:37 UTC] dexen dot devries at gmail dot com

Description:
------------
PHP's strpbrk() passes its string arguments directly to libc strpbrk(), which
considers NUL byte a string-terminatig character rather than a normal part of
the string.

note that, in the test script below, the strpbrk() matches neither the NUL byte,
nor the `a' character (because it occurs after a NUL byte in $haystack), nor
even the `b' character (because it occurs after a NUL byte in $char_list).

Test script:
---------------
$haystack = "foob\x00ar";
$char_list = "a\x00b";
$v = strpbrk($haystack, $char_list);

Expected result:
----------------
$v === "b\x00ar"

Actual result:
--------------
$v === FALSE

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-01-30 12:56 UTC] aharvey@php.net

-Status: Open +Status: Assigned -Package: Class/Object related +Package: Strings related -Assigned To: +Assigned To: aharvey

[2012-01-30 13:30 UTC] aharvey@php.net

Implemented on trunk. This should be straightforward enough to backport to 5.3 and 
5.4, but with 5.4 in code freeze at present, I'll have to revisit this a bit after 
5.4.0 final is released.

[2012-01-30 14:12 UTC] dexen dot devries at gmail dot com

thanks for the quick fix, aharvey :-)

[2012-03-02 03:36 UTC] aharvey@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Backported to 5.3 and 5.4.