PHP :: Bug #23984 :: chr(0) in pattern string causes string truncation

Bug #23984	chr(0) in pattern string causes string truncation
Submitted:	2003-06-03 08:56 UTC	Modified:	2003-06-03 13:56 UTC
From:	ltfrench at vt dot edu	Assigned:
Status:	Not a bug	Package:	PCRE related
PHP Version:	4.3.1	OS:	Redhat 8.0
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ltfrench at vt dot edu
New email:
PHP Version:		OS:

New Comment:

[2003-06-03 08:56 UTC] ltfrench at vt dot edu

This problem is very similar to: http://bugs.php.net/bug.php?id=14580 and also http://bugs.php.net/bug.php?id=18341 but seems to have cropped up again.

Inserting a null character into a string with the chr() function causes the string to be truncated.

<?php
$null = chr(0);
$a = "string\0withnull";
$b = "string$nullwithnull";

echo $a . "\n";
echo $b . "\n";

echo strlen($a) . "\n";
echo strlen($b) . "\n";
?>

Output:
stringwithnull
string
15
6

I encountered this with a generic php 4.3.1 setup.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-06-03 10:09 UTC] philip@php.net

PHP is looking for a variable named $nullwithnull so to make this work, you must use "string{$null}withnull"...

[2003-06-03 12:13 UTC] ltfrench at vt dot edu

Ok, this will teach me to try to write new test cases.  The first test case was bogus, I'm a boob.  

The problem I am really having with is with preg_replace().

<?php
$string = "string\0withnull";
// array of bad ascii values I want to ditch
$ary = array( chr(0), chr(1) );
foreach( $ary as $badchar ){
   pattern = "/$badchar/";
   replacement = "TEST";
   $string = preg_replace($pattern, $replacement, $string);
}
echo $string;
?>

This generates 
Warning: No ending delimiter '/' found in /home/www/web_root/lance.php on line 19

Which leads me to believe that my $pattern string got truncated without the trailing / when used in preg_replace.

[2003-06-03 13:08 UTC] jay@php.net

I believe this is a limitation of the PCRE library. From 
the PCRE man page: 
 
"The pattern is a C string terminated by a binary zero, 
and is passed in the argument pattern. ... The subject 
string is passed as a pointer in subject, a length in 
length, and a starting offset in startoffset. Unlike the 
pattern string, it may contain binary zero characters." 
 
So, you can't have NULL characters in the pattern string. 
You can use str_replace() to replace those NULL 
characters, though. 
 
J

[2003-06-03 13:56 UTC] ltfrench at vt dot edu

If I substitute '\0' for the chr(0) in my matching pattern, the replacement works.  So it will accept an *escaped* NULL value.  That is the work around I have been using and I'm not sure how that differs, behind the scenes, from using chr(0).  

But yeah, I see that having a null/binary zeron in the pattern *should* prematurely terminate the pattern string.  Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jan 15 09:01:28 2025 UTC