PHP :: Bug #60801 :: strpbrk() mishandles NUL byte

Bug #60801 strpbrk() mishandles NUL byte
Submitted: 2012-01-19 09:37 UTC
Modified: 2012-03-02 03:36 UTC
From: dexen dot devries at gmail dot com
Assigned: aharvey
Status: Closed
Package: Strings related
PHP Version: 5.3.9
OS:
Private report: No
CVE-ID: None

 [2012-01-19 09:37 UTC] dexen dot devries at gmail dot com

Description:
------------
PHP's strpbrk() passes its string arguments directly to libc strpbrk(), which
considers a NUL byte a string-terminating character rather than a normal part of
the string.

Note that, in the test script below, strpbrk() matches neither the NUL byte,
nor the `a' character (because it occurs after a NUL byte in $haystack), nor
even the `b' character (because it occurs after a NUL byte in $char_list).

Test script:
---------------
<?php
// NUL bytes are embedded in both the haystack and the character list
$haystack = "foob\x00ar";
$char_list = "a\x00b";
$v = strpbrk($haystack, $char_list);
var_dump($v);

Expected result:
----------------
$v === "b\x00ar"

Actual result:
--------------
$v === FALSE
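
The C sketch below is an added example, not part of the report and not PHP's source or the committed fix. It runs libc strpbrk() on the same bytes as the test script and compares it with a length-aware scan that treats NUL as an ordinary byte. The helper names (`binsafe_strpbrk`, `libc_strpbrk_offset`) are hypothetical, and the buffers are constructed from the test script above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not PHP's implementation): length-aware strpbrk.
 * Returns the offset of the first byte of haystack that occurs in
 * char_list, or -1 if none does. Both lengths are explicit, so an
 * embedded NUL is matched like any other byte. */
static long binsafe_strpbrk(const char *haystack, size_t haystack_len,
                            const char *char_list, size_t list_len)
{
    unsigned char wanted[256] = {0};
    size_t i;

    for (i = 0; i < list_len; i++)
        wanted[(unsigned char)char_list[i]] = 1;
    for (i = 0; i < haystack_len; i++)
        if (wanted[(unsigned char)haystack[i]])
            return (long)i;
    return -1;
}

/* libc strpbrk() on the same buffers, reported as an offset or -1.
 * libc stops reading each argument at its first NUL byte. */
static long libc_strpbrk_offset(const char *haystack, const char *char_list)
{
    const char *p = strpbrk(haystack, char_list);
    return p ? (long)(p - haystack) : -1;
}

/* Constructed from the report's test script. The literals are split so
 * that the escape cannot absorb the following character. */
static const char HAYSTACK[]  = "foob" "\0" "ar"; /* 7 bytes + terminator */
static const char CHAR_LIST[] = "a" "\0" "b";     /* 3 bytes + terminator */

int main(void)
{
    /* libc sees "foob" and "a": no match, like the reported FALSE */
    printf("libc strpbrk offset:   %ld\n",
           libc_strpbrk_offset(HAYSTACK, CHAR_LIST));
    /* length-aware scan finds 'b' at offset 3, i.e. "b\x00ar" */
    printf("length-aware offset:   %ld\n",
           binsafe_strpbrk(HAYSTACK, sizeof HAYSTACK - 1,
                           CHAR_LIST, sizeof CHAR_LIST - 1));
    return 0;
}
```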

History

 [2012-01-30 12:56 UTC] aharvey@php.net

-Status: Open
+Status: Assigned
-Package: Class/Object related
+Package: Strings related
-Assigned To:
+Assigned To: aharvey

 [2012-01-30 13:30 UTC] aharvey@php.net

Implemented on trunk. This should be straightforward enough to backport to 5.3 and 
5.4, but with 5.4 in code freeze at present, I'll have to revisit this a bit after 
5.4.0 final is released.

 [2012-01-30 14:12 UTC] dexen dot devries at gmail dot com

thanks for the quick fix, aharvey :-)

 [2012-03-02 03:36 UTC] aharvey@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Backported to 5.3 and 5.4.