php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63208 BSTR to PHP string conversion not binary safe
Submitted: 2012-10-03 12:40 UTC Modified: 2020-06-25 08:38 UTC
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: gopeyx at gmail dot com Assigned: cmb (profile)
Status: Closed Package: COM related
PHP Version: 5.3.17 OS: Windows NT W-AM-13079 6.1 build
Private report: No CVE-ID: None
 [2012-10-03 12:40 UTC] gopeyx at gmail dot com
Description:
------------
I have a VARIANT of type 8209 which is an array of bytes (VT_ARRAY | VT_UI1).
This array contains null byte in the middle.

When trying to convert it to a string only bytes before null byte are used. Others are ignored.

But they are present in the object. You can see it if you walk through the bytes of variant via foreach().

Test script:
---------------
<?php

$string = "ab\0cd";

$variant = new VARIANT($string, VT_ARRAY | VT_UI1); // Array of bytes

$converted = (string) $variant;

var_dump($string);
var_dump($converted);


Expected result:
----------------
string(5) "abcd"
string(5) "abcd"

// $converted variable should be equal to the original $string and should contain 5 characters.

Actual result:
--------------
string(5) "abcd"
string(2) "ab"

Patches

olestring-binary-safe (last revision 2015-08-16 16:26 UTC by cmb@php.net)

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-11 15:38 UTC] tomas dot var at dtr-sistemas dot com
I have the same problem when I want to extract the value of a LONGBINARY field from an MS-Access or MSSQL Database (OLE Field exactly), and the OLE embeeded header contains some zero bytes. I can obtain only 3 bytes when it converts to a string for save to a file. And when I loop with "foreach" the VARIANT ARRAY of UNSIGNED BYTES it loops correctly (except for the byte '\0' after every valid byte) and if I count the array with "count($field->Value)" for example, it results the double lenght that expects.
Why don't exists in PHP a way to obtain a simple array of bytes for a variable, or access the data like a "string" of bytes?
 [2015-08-16 16:25 UTC] cmb@php.net
-Status: Open +Status: Analyzed
 [2015-08-16 16:25 UTC] cmb@php.net
The problem is that php_com_olestring_to_string()[1] is not binary
safe, because it passes -1 to the cchWideChar parameter of
WideCharToMultiByte()[2]. That causes WideCharToMultiByte() to
stop at the first null character (actually, two null bytes), and
so the rest of the string is ignored.

As a BSTR[3] has a prefix containing its length in bytes it
appears we could use this to calculate the proper cchWideChar
argument, see the attached patch.

[1] <https://github.com/php/php-src/blob/php-7.0.0beta3/ext/com_dotnet/com_olechar.c#L74>
[2] <https://msdn.microsoft.com/en-us/library/windows/desktop/dd374130(v=vs.85).aspx>
[3] <https://msdn.microsoft.com/en-us/library/windows/desktop/ms221069(v=vs.85).aspx>
 [2015-08-16 16:26 UTC] cmb@php.net
The following patch has been added/updated:

Patch Name: olestring-binary-safe
Revision:   1439742362
URL:        https://bugs.php.net/patch-display.php?bug=63208&patch=olestring-binary-safe&revision=1439742362
 [2020-06-25 08:38 UTC] cmb@php.net
-Summary: Wrong conversion of byte array VARIANT which contains null byte to string +Summary: BSTR to PHP string conversion not binary safe -Assigned To: +Assigned To: cmb
 [2020-06-25 08:41 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #63208: BSTR to PHP string conversion not binary safe
On GitHub:  https://github.com/php/php-src/pull/5766
Patch:      https://github.com/php/php-src/pull/5766.patch
 [2020-06-29 17:07 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a385cfa7ad7fe3621bb6095ff88bc8d74b358df0
Log: Fix #63208: BSTR to PHP string conversion not binary safe
 [2020-06-29 17:07 UTC] cmb@php.net
-Status: Analyzed +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 16:01:28 2024 UTC