PHP :: Bug #71994 :: Octal escape sequences are not checked for overflow

Bug #71994

Octal escape sequences are not checked for overflow

Submitted:

2016-04-08 19:58 UTC

Modified:

2018-11-23 09:23 UTC

Votes:	2
Avg. Score:	4.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

dragondreamer at live dot com

Assigned:

pollita (profile)

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

Irrelevant

OS:

Any

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	dragondreamer at live dot com
New email:
PHP Version:		OS:

New Comment:

[2016-04-08 19:58 UTC] dragondreamer at live dot com

Description:
------------
Octal escape sequences in double quotes or backticks are not checked for overflow.

Test script:
---------------
<?php
echo ord("\777"[0]) . PHP_EOL;
echo ord("\666"[0]) . PHP_EOL;
echo ord("\555"[0]) . PHP_EOL;

Expected result:
----------------
Some kind of error, because all of \777, \666, \555 sequences are invalid, their value is greater than 255.

Actual result:
--------------
255
182
109

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-04-09 08:59 UTC] cmb@php.net

-Package: *Compile Issues +Package: Scripting Engine problem

[2016-04-13 02:38 UTC] pollita@php.net

Under discussion: https://wiki.php.net/rfc/octal.overload-checking

[2016-05-10 20:21 UTC] pollita@php.net

-Assigned To: +Assigned To: pollita

[2016-05-14 00:28 UTC] pollita@php.net

-Status: Assigned +Status: Closed

[2016-05-14 00:28 UTC] pollita@php.net

Agreed course of action is that as of PHP 7.1 we'll raise a compile time warning, but continue to allow the value to overflow.  At a later time, this may be promoted to a full error, but for now we're keeping BC.

[2018-11-23 09:23 UTC] dragondreamer at live dot com

-: temp at temp dot ru +: dragondreamer at live dot com

[2018-11-23 09:23 UTC] dragondreamer at live dot com

Edit e-mail address

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 12:00:01 2025 UTC