php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23984 chr(0) in pattern string causes string truncation
Submitted: 2003-06-03 08:56 UTC Modified: 2003-06-03 13:56 UTC
From: ltfrench at vt dot edu Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 4.3.1 OS: Redhat 8.0
Private report: No CVE-ID: None
 [2003-06-03 08:56 UTC] ltfrench at vt dot edu
This problem is very similar to: http://bugs.php.net/bug.php?id=14580 and also http://bugs.php.net/bug.php?id=18341 but seems to have cropped up again.

Inserting a null character into a string with the chr() function causes the string to be truncated.

<?php
$null = chr(0);
$a = "string\0withnull";
$b = "string$nullwithnull";

echo $a . "\n";
echo $b . "\n";

echo strlen($a) . "\n";
echo strlen($b) . "\n";
?>

Output:
stringwithnull
string
15
6

I encountered this with a generic php 4.3.1 setup.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-03 10:09 UTC] philip@php.net
PHP is looking for a variable named $nullwithnull so to make this work, you must use "string{$null}withnull"...
 [2003-06-03 12:13 UTC] ltfrench at vt dot edu
Ok, this will teach me to try to write new test cases.  The first test case was bogus, I'm a boob.  

The problem I am really having with is with preg_replace().

<?php
$string = "string\0withnull";
// array of bad ascii values I want to ditch
$ary = array( chr(0), chr(1) );
foreach( $ary as $badchar ){
   pattern = "/$badchar/";
   replacement = "TEST";
   $string = preg_replace($pattern, $replacement, $string);
}
echo $string;
?>

This generates 
Warning: No ending delimiter '/' found in /home/www/web_root/lance.php on line 19

Which leads me to believe that my $pattern string got truncated without the trailing / when used in preg_replace.
 [2003-06-03 13:08 UTC] jay@php.net
I believe this is a limitation of the PCRE library. From 
the PCRE man page: 
 
"The pattern is a C string terminated by a binary zero, 
and is passed in the argument pattern. ... The subject 
string is passed as a pointer in subject, a length in 
length, and a starting offset in startoffset. Unlike the 
pattern string, it may contain binary zero characters." 
 
So, you can't have NULL characters in the pattern string. 
You can use str_replace() to replace those NULL 
characters, though. 
 
J 
 [2003-06-03 13:56 UTC] ltfrench at vt dot edu
If I substitute '\0' for the chr(0) in my matching pattern, the replacement works.  So it will accept an *escaped* NULL value.  That is the work around I have been using and I'm not sure how that differs, behind the scenes, from using chr(0).  

But yeah, I see that having a null/binary zeron in the pattern *should* prematurely terminate the pattern string.  Thanks.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Jan 16 19:03:36 2022 UTC