php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #40943 Function str_ireplace() crashes Apache server
Submitted: 2007-03-29 06:52 UTC Modified: 2007-04-30 13:12 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:4 (100.0%)
From: dzoukr at dzoukr dot cz Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 5.2.1 OS: Windows XP SP2
Private report: No CVE-ID: None
View Developer Edit
 [2007-03-29 06:52 UTC] dzoukr at dzoukr dot cz 
Description:
------------
Hi guys, yesterday I found a bug, which has been making me mad for a long time. I found out that function str_ireplace() in current version (5.2.1) on Apache2 (WinXP SP2) crashes server. I looked in release log, where is something about buffer overflow for str_replace(), but it seems that function str_ireplace() has been forgotten. It happens on multi-using this function.

Reproduce code:
---------------
<?php
$string = "not so long text, maybe less than 1000 chars";
$result = str_ireplace("A", "B", $string);
$result = str_ireplace("B", "C", $result);
$result = str_ireplace("C", "D", $result);
$result = str_ireplace("D", "E", $result);
$result = str_ireplace("E", "F", $result);
?>

Expected result:
----------------
String with replaced chars

Actual result:
--------------
Apache crashes - browser says, that connection with server has been corrupted during page loading!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-29 08:14 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip
 [2007-03-29 08:25 UTC] dzoukr at dzoukr dot cz 
Ok, I will try it asap. But I have to find out first, how to re-install PHP on Wamp server (this is bundle of PHP+MySQL+Apache2). ;-) Can I expect this bug will be fixed in next PHP stable release version?
 [2007-03-29 08:28 UTC] tony2001@php.net 
You can expect it to be fixed in the snapshot.
To install it just download the .zip and unpack it.
 [2007-03-29 08:32 UTC] tony2001@php.net 
Btw, I can't replicate anything like that both in the snapshot and 5.2.1.
 [2007-03-29 09:20 UTC] dzoukr at dzoukr dot cz 
OK. Anyway, thanks for looking at it. Maybe it is some crazy combination of Apache settings and PHP. ;) As I said - I`m using Wamp server and I made almost no configuration changes, so who knows. Now I`m using str_replace() and no problem occured.
 [2007-04-06 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-04-16 10:25 UTC] qrf_coil at yahoo dot fr 
I've experienced the same problem on a production server of a customer, quiet annoying, even using str_replace instead will correct the problem

The server reported :
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: 
The following error was encountered:
    * Zero Sized Reply

Server used is a Unix with 
PHP 5.2.1-0.dotdeb.1 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb  9 2007 04:46:32)
 [2007-04-19 20:40 UTC] registry at ivide dot com 
I am having this problem as well on php 5.2.1. It does not happen on another server I have running php 5.1.6. I had it happen trying to str_ireplace with an array of characters to be replaced with "".

I am using XP Sp2, Apache 1.3.37, and Php stable 5.2.1.

The apache logs show "zend_mm_heap corrupted" and the browser says "The connection to the server was interrupted".
 [2007-04-29 21:21 UTC] qrf_coil at yahoo dot fr 
Good to hear, obviously it's a real bug.. could someone change the status of this bug ?
 [2007-04-30 08:43 UTC] dzoukr at dzoukr dot cz 
Status changed to open. That`s all I can do wit it ;)
 [2007-04-30 13:12 UTC] tony2001@php.net 
>I am having this problem as well on php 5.2.1.
I asked the original reporter to try the snapshot month ago, obviously you did not bother doing it, otherwise you would have discovered that the problem has been fixed months ago.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jul 16 00:01:31 2025 UTC