php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79899 assert() is not binary-safe
Submitted: 2020-07-26 18:14 UTC Modified: 2021-03-12 11:25 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: fpoirotte+php-bugs at gmail dot com Assigned: cmb (profile)
Status: Wont fix Package: PHP options/info functions
PHP Version: 7.4.8 OS: Debian GNU/Linux Bullseye
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: fpoirotte+php-bugs at gmail dot com
New email:
PHP Version: OS:

 

 [2020-07-26 18:14 UTC] fpoirotte+php-bugs at gmail dot com
Description:
------------
The $description argument of assert() is not binary-safe.
When the description is displayed, it will get truncated at the first null (\0) byte.

Test script:
---------------
<?php

// run with: php -d zend.assertions=1 -f /tmp/test.php

error_reporting(E_ALL);
ini_set("display_errors", 1);
assert_options(ASSERT_ACTIVE, true);
assert_options(ASSERT_WARNING, true);

assert(false, "foo\000bar");

Expected result:
----------------
Warning: assert(): foobar failed in /tmp/test.php on line 10

Actual result:
--------------
Warning: assert(): foo failed in /tmp/test.php on line 10

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-27 15:27 UTC] cmb@php.net
-Package: Unknown/Other Function +Package: PHP options/info functions
 [2021-03-12 11:25 UTC] cmb@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2021-03-12 11:25 UTC] cmb@php.net
Using assert_options() is discouraged as of PHP 7.0.0, and I don't
see any valid reason not to enable assert.exception (what is
actually the default as of PHP 8.0.0), since assertions are a
development feature, and a failing assertion hints at a
programming error.  The exception shows the full description, so
there is no issue, besides that there is no good reason to include
NUL bytes in the description in the first place.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC