PHP :: Bug #42861 :: strtr() crashes when $from argument is empty string or null, with Unicode ON

Bug #42861	strtr() crashes when $from argument is empty string or null, with Unicode ON
Submitted:	2007-10-05 06:48 UTC	Modified:	2008-01-21 14:37 UTC
From:	mahesh dot vemula at in dot ibm dot com	Assigned:
Status:	Closed	Package:	Strings related
PHP Version:	6CVS-2007-10-05 (snap)	OS:	RHEL4, Windows XP
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mahesh dot vemula at in dot ibm dot com
New email:
PHP Version:		OS:

New Comment:

[2007-10-05 06:48 UTC] mahesh dot vemula at in dot ibm dot com

Description:
------------
strtr() crashes on php6 with unicode ON , when $from argument is given as any of the following:
empty string
Null

e.g:
var_dump( strtr("hello", array("" => "string") ) );
var_dump( strtr("hello", "", "string") );

This is applicable for PHP6 with Unicode.

Reproduce code:
---------------
<?php
var_dump( strtr("hello", array("" => "string") ) );
var_dump( strtr("hello", array('' => "string") ) );
var_dump( strtr("hello", array(null => "string") ) );
var_dump( strtr("hello", array(NULL => "string") ) );

var_dump( strtr("hello", "", "string") );
var_dump( strtr("hello", '', "string") );
var_dump( strtr("hello", NULL, "string") );
var_dump( strtr("hello", null, "string") );
?>

Expected result:
----------------
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"

Actual result:
--------------
On Windows: crashes
On linux(RHEL4):
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 1066789985 bytes) in %s on line %d

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-11-23 00:28 UTC] felipe@php.net

Works fine. (php6.0-200711202130)

[2008-01-21 13:09 UTC] felipe@php.net

I reproduced the problem.

Simple fix:

Index: ext/standard/string.c
===================================================================
RCS file: /repository/php-src/ext/standard/string.c,v
retrieving revision 1.662
diff -u -u -r1.662 string.c
--- ext/standard/string.c       16 Jan 2008 08:34:06 -0000      1.662
+++ ext/standard/string.c       21 Jan 2008 13:08:25 -0000
@@ -4443,7 +4443,7 @@
        }
 
        if (Z_TYPE_PP(str) == IS_UNICODE) {
-               int outlen;
+               int outlen = 0;
                UChar *outstr;
 
                if (ac == 2) {

[2008-01-21 14:37 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Apr 29 11:01:28 2025 UTC