php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10721 odd output in create_function()
Submitted: 2001-05-07 23:10 UTC Modified: 2001-07-16 10:09 UTC
From: justin at voxel dot net Assigned: jeroen
Status: Closed Package: Scripting Engine problem
PHP Version: 4.0.6 OS: GNU/Linux
Private report: No CVE-ID:
 [2001-05-07 23:10 UTC] justin at voxel dot net
An odd character seems to appear in the return value of
create_function() (which should be of 'lambda_x' format
where x is an integer).  This character is causing eval() to
crap out when trying to evaluate the created function.  Just
before the 'l' is a character that looks like Pi in the
browser.  The only way I knew to find out what it was was to
urlencode() the return value and the strange character was
encoded to '%00'.  I'm no C coder, but the changes below
seemed to fix things.  

*** /tmp/zend_builtin_functions.c	Mon May  7 22:09:45 2001
--- /usr/local/src/php-4.0.5/Zend/zend_builtin_functions.c	Mon May  7 22:03:31 2001
***************
*** 965,974 ****
  		}
  		function_add_ref(func);
  
! 		function_name = (char *)
emalloc(sizeof("0lambda_")+MAX_LENGTH_OF_LONG);
  
  		do {
! 	
	sprintf(function_name, "%clambda_%d", 0, ++EG(lambda_count));
  	
	function_name_length = strlen(function_name+1)+1;
  		} while (zend_hash_add(EG(function_table), function_name,
function_name_length+1, func, sizeof(zend_function),
NULL)==FAILURE);
  		zend_hash_del(EG(function_table), LAMBDA_TEMP_FUNCNAME,
sizeof(LAMBDA_TEMP_FUNCNAME));
--- 965,974 ----
  		}
  		function_add_ref(func);
  
! 		function_name = (char *)
emalloc(sizeof("lambda_")+MAX_LENGTH_OF_LONG);
  
  		do {
! 	
	sprintf(function_name, "lambda_%d", ++EG(lambda_count));
  	
	function_name_length = strlen(function_name+1)+1;
  		} while (zend_hash_add(EG(function_table), function_name,
function_name_length+1, func, sizeof(zend_function),
NULL)==FAILURE);
  		zend_hash_del(EG(function_table), LAMBDA_TEMP_FUNCNAME,
sizeof(LAMBDA_TEMP_FUNCNAME));

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-27 16:21 UTC] justin at voxel dot net
Any word on this?  Still exists in 4.0.6.

 [2001-07-09 09:45 UTC] jeroen@php.net
Fixed the patch, only waiting for it to get committed.
 [2001-07-16 10:09 UTC] zeev@php.net
This odd character is quite intentional, and is there in order to ensure that any functions created don't clash with user-defined functions.  You can see in the code that this extra NULL byte is accounted for and deliberately being added, it's not a coincidence :)

Jereon - please don't submit this patch.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 14:02:33 2014 UTC