php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26003 fgetcsv() not binary-safe on null bytes
Submitted: 2003-10-27 09:58 UTC Modified: 2003-11-07 16:39 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mr dot heat at gmx dot de Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 4CVS-20031028 OS: Irrelevant
Private report: No CVE-ID:
 [2003-10-27 09:58 UTC] mr dot heat at gmx dot de
Description:
------------
If the .csv file contains any 0x00 character, fgetcsv() stops reading the line and continues on the next one. Assume the folowing .csv file (with _ as place marker for the 0x00 character).

"aaaaa","bb_bb"
"ccccc","ddddd"

fgetcsv() breaks at 0x00 (with slightly different behaviours in 4.x and 5.x), the EOL character is skipped, the '"' in front of 'ccccc' becomes the closing enclosure, 'ccccc' is skipped, 'ddddd' becomes value [2].

(This bug may be related to http://bugs.php.net/bug.php?id=22382 - see the last comment.)

Reproduce code:
---------------
<?php
$fp = fopen("temporary.csv", "w+b");
fwrite($fp, "\"aaaaa\",\"bb" . chr(0) . "bb\"\n");
fwrite($fp, "\"ccccc\",\"ddddd\"\n");
fseek($fp, 0);
var_dump(fgetcsv($fp, 100));
?>

Expected result:
----------------
array(3) {
  [0]=> string(5) "aaaaa"
  [1]=> string(5) "bb_bb"
}
(_ as a place marker for 0x00.)

Actual result:
--------------
In 4.3.4RC3-dev:
array(3) {
  [0]=> string(5) "aaaaa"
  [1]=> string(2) "bb"
  [2]=> string(5) "ddddd"
}

In 5.0.0b2-dev (_ as a place marker for 0x00):
array(3) {
  [0]=> string(5) "aaaaa"
  [1]=> string(7) "bb_bb"
"
  [2]=> string(5) "ddddd"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-07 16:39 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 07:02:14 2014 UTC