Bug #33938 Dangerous INIT_OVERLOADED_CLASS_ENTRY design flaw
Submitted: 2005-07-31 22:11 UTC Modified: 2005-08-01 21:02 UTC
From: dan dot colascione at gmail dot com Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.0.4 OS: Linux
Private report: No CVE-ID: None
 [2005-07-31 22:11 UTC] dan dot colascione at gmail dot com
Description:
------------
The INIT_OVERLOADED_CLASS_ENTRY macro assumes that it's being passed a static string array for its class_name parameter. It obtains the length of the string with sizeof(), when it should be using strlen. This leads to class names being silently truncated when classes are initialized with a string variable instead of a static string array.

Reproduce code:
---------------
char* a = get_some_string();
zend_class_entry ce;
INIT_OVERLOADED_CLASS_ENTRY(ce, a, ...);

Expected result:
----------------
The name of the class in ce should be the return value of get_some_string()

Actual result:
--------------
The name of the class is truncated to sizeof(char*)-1 characters.
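
The pitfall described in the report above, reduced to a stand-alone C program. This is an added example, not code from PHP or from the reporter: `demo_class_entry` and the `DEMO_INIT_*` macros are hypothetical stand-ins, the class name is a constructed sample, and the literal-only macro is one possible guard that the thread does not propose.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the two class-entry fields involved. */
typedef struct { const char *name; size_t name_length; } demo_class_entry;

/* Pattern from the report: length computed with sizeof(). */
#define DEMO_INIT_SIZEOF(ce, class_name) \
    do { (ce).name = (class_name); \
         (ce).name_length = sizeof(class_name) - 1; } while (0)
/* Mitigation 1: measure at run time; correct for arrays and pointers. */
#define DEMO_INIT_STRLEN(ce, class_name) \
    do { (ce).name = (class_name); \
         (ce).name_length = strlen((ce).name); } while (0)
/* Mitigation 2: keep sizeof(), but concatenate with "" so that anything
 * other than a string literal fails to compile instead of truncating. */
#define DEMO_INIT_LITERAL(ce, class_name) \
    do { (ce).name = "" class_name ""; \
         (ce).name_length = sizeof("" class_name "") - 1; } while (0)

#define SAMPLE_NAME "MyVeryLongExtensionClass"   /* constructed sample */
static const char *get_some_string(void) { return SAMPLE_NAME; }

size_t len_sizeof_pointer(void) {
    const char *a = get_some_string();
    demo_class_entry ce;
    DEMO_INIT_SIZEOF(ce, a);   /* sizeof(a) is sizeof(char *), not the text */
    return ce.name_length;
}
size_t len_strlen_pointer(void) {
    const char *a = get_some_string();
    demo_class_entry ce;
    DEMO_INIT_STRLEN(ce, a);
    return ce.name_length;
}
size_t len_literal(void) {
    demo_class_entry ce;
    DEMO_INIT_LITERAL(ce, SAMPLE_NAME);  /* passing a pointer here won't compile */
    return ce.name_length;
}

int main(void) {
    printf("sizeof(ptr)=%zu strlen=%zu literal=%zu\n",
           len_sizeof_pointer(), len_strlen_pointer(), len_literal());
    return 0;
}
```

The stored length and the stored string disagree in the `sizeof` case, so any later code that trusts `name_length` for lookups or copies works on a truncated name.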

 [2005-08-01 00:43 UTC] sniper@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 [2005-08-01 21:02 UTC] dan dot colascione at gmail dot com
It's not a bug in the sense that it does something wrong, but it is extremely unintuitive and is a flaw in the PHP extension API. Shouldn't these things be fixed?!
 
Last updated: Sun Nov 02 10:00:02 2025 UTC