php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #53685 Raise E_WARNING before returning NULL from preg_replace()
Submitted: 2011-01-07 03:51 UTC Modified: 2016-07-20 23:36 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (25.0%)
From: tstarling at wikimedia dot org Assigned: cmb (profile)
Status: Duplicate Package: PCRE related
PHP Version: 5.3SVN-2011-01-07 (SVN) OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tstarling at wikimedia dot org
New email:
PHP Version: OS:

 

 [2011-01-07 03:51 UTC] tstarling at wikimedia dot org
Description:
------------
php_pcre_replace_impl() responds to all errors in pcre_exec() by doing:

} else {
	pcre_handle_exec_error(count TSRMLS_CC);
	efree(result);
	result = NULL;
	break;
}

No warning is raised. This is very scary, since unexpectedly large user input may trigger PCRE_ERROR_MATCHLIMIT or similar. Most code that calls preg_replace() does not check for an error condition, the return value is simply converted to a string. So the net effect is that the string is deleted instead of just having some bits changed in it. 

Raising a warning would allow this condition to be more easily detected during testing, and more easily diagnosed during debugging. It would allow fuzz testing to be used. And it would bring preg_replace() into line with general conventions for error reporting in PHP internal functions.

Test script:
---------------
ini_set('pcre.backtrack_limit', 100)
print preg_replace( '/a.*a/', '', 'a'.str_repeat('b', 1000))


Expected result:
----------------
PHP Warning: pcre.backtrack_limit exceeded in preg_replace() in ....

Actual result:
--------------
Silence.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-12 23:24 UTC] felipe@php.net
-Type: Bug +Type: Feature/Change Request
 [2016-07-20 23:36 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2016-07-20 23:36 UTC] cmb@php.net
This is a duplicate of request #51103.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 20:01:29 2024 UTC