php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80285 strspn $length argument may no longer exceed the string bounds
Submitted: 2020-10-26 16:11 UTC Modified: 2020-10-27 10:45 UTC
From: paul dot crovella at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 8.0.0RC2 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: paul dot crovella at gmail dot com
New email:
PHP Version: OS:

 

 [2020-10-26 16:11 UTC] paul dot crovella at gmail dot com 
Description:
------------
This commit[1] changed not just out-of-bounds offsets of strspn to throw ValueError, but lengths that exceed the string bounds as well.

Given that a positive $length argument functions as a max-length for the match attempt, the prior behavior of accepting a length beyond the string bounds makes sense and reverting to it would realign with substr whose length parameter serves a similar purpose.

Is something gained by breaking existing code and requiring:

strspn($subject, $mask, $start, min($length, strlen($subject) - $start))

where:

strspn($subject, $mask, $start, $length)

seemed to work fine as intended prior?

[1] https://github.com/php/php-src/commit/5d9ab53a5d53f11a18ae11ed31b17ff87c8d52a7

Test script:
---------------
<?php

var_dump(
    strspn("foo", "asdf", 0, 4),
    strspn("fffff", "asdf", 0, 4)
);

Expected result:
----------------
int(1)
int(4)

Actual result:
--------------
Fatal error: Uncaught ValueError: strspn(): Argument #4 ($length) must be contained in argument #1 ($str) in /in/J05AD:4

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-27 10:45 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2020-10-27 10:45 UTC] nikic@php.net 
This is the second independent report of this issue, so I've decided to undo the change in https://github.com/php/php-src/commit/d776d25a8e6763bfe8cc283a4693d7d417d50ddd. The behavior should be strictly identical to doing a substr in advance now.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 17:01:31 2024 UTC