|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26003 fgetcsv() not binary-safe on null bytes
Submitted: 2003-10-27 09:58 UTC Modified: 2003-11-07 16:39 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mr dot heat at gmx dot de Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 4CVS-20031028 OS: Irrelevant
Private report: No CVE-ID: None
 [2003-10-27 09:58 UTC] mr dot heat at gmx dot de
If the .csv file contains any 0x00 character, fgetcsv() stops reading the line and continues on the next one. Assume the folowing .csv file (with _ as place marker for the 0x00 character).


fgetcsv() breaks at 0x00 (with slightly different behaviours in 4.x and 5.x), the EOL character is skipped, the '"' in front of 'ccccc' becomes the closing enclosure, 'ccccc' is skipped, 'ddddd' becomes value [2].

(This bug may be related to - see the last comment.)

Reproduce code:
$fp = fopen("temporary.csv", "w+b");
fwrite($fp, "\"aaaaa\",\"bb" . chr(0) . "bb\"\n");
fwrite($fp, "\"ccccc\",\"ddddd\"\n");
fseek($fp, 0);
var_dump(fgetcsv($fp, 100));

Expected result:
array(3) {
  [0]=> string(5) "aaaaa"
  [1]=> string(5) "bb_bb"
(_ as a place marker for 0x00.)

Actual result:
In 4.3.4RC3-dev:
array(3) {
  [0]=> string(5) "aaaaa"
  [1]=> string(2) "bb"
  [2]=> string(5) "ddddd"

In 5.0.0b2-dev (_ as a place marker for 0x00):
array(3) {
  [0]=> string(5) "aaaaa"
  [1]=> string(7) "bb_bb"
  [2]=> string(5) "ddddd"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-07 16:39 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Sep 21 22:01:25 2023 UTC