php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27675 Access Violation
Submitted: 2004-03-24 10:24 UTC Modified: 2004-03-26 14:16 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: marcel at korton dot nl Assigned: pollita (profile)
Status: Closed Package: Strings related
PHP Version: 5.0.0RC1 OS: win XP
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: marcel at korton dot nl
New email:
PHP Version: OS:

 

 [2004-03-24 10:24 UTC] marcel at korton dot nl 
Description:
------------
str_ireplace gives an unexpected result

Reproduce code:
---------------
<?php
$strResult = '/*<B>i see this</B>*/';

echo $strResult;

$strResult = str_ireplace('/*<B>', '<B>', $strResult );
	
echo $strResult;
?>


Expected result:
----------------
<B>i see this</B>*/'


Actual result:
--------------
PHP has encountered an Access Violation at 00CB7C21/*i see this*/

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-25 20:00 UTC] nick at linuxmail dot org 
I've noticed this only seems to crash when the replacement string is not the same length as the searched-for string.
 [2004-03-25 20:38 UTC] edink@php.net 
Verified the problem. The following patch fixes it for me.

Index: string.c
===================================================================
RCS file: /repository/php-src/ext/standard/string.c,v
retrieving revision 1.413
diff -u -r1.413 string.c
--- string.c    18 Mar 2004 09:48:37 -0000      1.413
+++ string.c    26 Mar 2004 01:46:19 -0000
@@ -3065,6 +3065,10 @@
                                        e += end - p;
                                }
                        } else {
+                               haystack_dup = estrndup(haystack, length);
+                               needle_dup = estrndup(needle, needle_len);
+                               php_strtolower(haystack_dup, length);
+                               php_strtolower(needle_dup, needle_len);
                                end = haystack_dup + length;

                                for (p = haystack_dup; (r = php_memnstr(p, needle_dup, needle_len, end)); p = r + needle_len) {
 [2004-03-26 14:16 UTC] pollita@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Close, but that'd have introduced a leak for str_ireplaces which expand the length of the string.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Feb 16 17:01:29 2025 UTC