php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45923 mb_st[r]ripos() offset not handled correctly
Submitted: 2008-08-26 16:07 UTC Modified: 2009-02-14 10:13 UTC
From: d_kelsey at uk dot ibm dot com Assigned: moriyoshi (profile)
Status: Closed Package: mbstring related
PHP Version: 5.*CVS (2009-01-21) OS: *
Private report: No CVE-ID: None
 [2008-08-26 16:07 UTC] d_kelsey at uk dot ibm dot com
Description:
------------
The offset checking in mb_stripos and mb_strripos doesn't match the case sensitive equivalents with regard to character counts rather than byte counts. More importantly entering a negative offset in mb_strripos results in a "Offset not contained in string." message which was not expected.

Suggested code changes.

mb_stripos function add the check:
	if (offset < 0 || (unsigned long)offset > (unsigned long)mbfl_strlen(&old_haystack)) {
		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset not contained in string.");
		RETURN_FALSE;
	}

mb_strripos function add the check: 
	if ((offset > 0 && offset > mbfl_strlen(&old_haystack)) ||
		(offset < 0 && -offset > mbfl_strlen(&old_haystack))) {
		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Offset is greater than the length of haystack string");
		RETURN_FALSE;
	}


php_mb_stripos function remove the check:
		if (offset < 0 || (unsigned long)offset > haystack.len) {
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset not contained in string.");
			break;
		}



Reproduce code:
---------------
<?php
var_dump(mb_strripos("abc abc abc", "b", -3));
?>

Expected result:
----------------
int(5)

Actual result:
--------------
Warning: mb_strripos(): Offset not contained in string. in C:\udata-eclipse\p8\a.phpcode\testmb.php on line 2
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-12-05 13:37 UTC] ant@php.net
I re-tested, this is still happening on the latest 5.2 snap.
 [2009-01-19 17:25 UTC] d_kelsey at uk dot ibm dot com
as of php 5.2.8 this bug is still present
 [2009-02-14 10:13 UTC] moriyoshi@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 11:01:28 2024 UTC