Bug #26927 preg_quote and/or preg_match disrespect embedded null chars in strings
Submitted: 2004-01-15 19:45 UTC
Modified: 2004-01-15 21:29 UTC
From: ikindred at cox dot net
Assigned:
Status: Closed
Package: PCRE related
PHP Version: 4.3.4
OS: FreeBSD 4.9
Private report: No
CVE-ID:
 [2004-01-15 19:45 UTC] ikindred at cox dot net
Description:
------------
At first glance, either or both of the following are bugs:

1. preg_quote does not properly escape the null character (\000).

2. preg_match chokes on patterns containing unescaped null characters.

I personally want to think that preg_match should be able to handle patterns containing null characters.  However, according to Bug #16590, preg_match's behavior is a feature and not a bug - oh well.  (I also recognize that there may be legitimate performance reasons for disallowing null chars in patterns.)

I therefore claim that preg_quote is buggy and should be fixed.  Please note that:

(a) preg_quote ("a\000b") returns "a\000b", so it is not like preg_quote is treating the \000 as an end-of-string character (which would result in "a" being returned).  preg_quote is just passing the \000 through without escaping it.

(b) As far as I can tell, there is no "preg_quote" function in the PCRE library (specifically, there is no function with "quote" as part of its name).  So, as far as I can tell, PHP cannot blame the PCRE for preg_quote's buggy behavior.

Many thanks!

Reproduce code:
---------------
<?php

$pattern = "/". preg_quote ("a\000b"). "/";
print "preg_match: ". preg_match ($pattern, "a\000b"). "\n";

?>


Expected result:
----------------
preg_match: 1


Actual result:
--------------
Warning: No ending delimiter '/' found in /<path>/test.php on line 4
preg_match: 


 [2004-01-15 21:29 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
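
For code that must build patterns from untrusted literals on a runtime where preg_quote may still pass NUL through, the check below is an added example, not part of the report or of PHP's own sources. The helper names `quote_for_pcre()` and `pattern_has_raw_nul()` are hypothetical and the sample literals are constructed.

```php
<?php
// Added example, not code from the bug report or from PHP itself.
// quote_for_pcre() and pattern_has_raw_nul() are hypothetical helper names.

// Quote $literal for use inside a PCRE pattern and guarantee that no raw
// NUL byte is left in the result, whatever preg_quote() did with it.
function quote_for_pcre($literal, $delimiter = '/')
{
    $quoted = preg_quote($literal, $delimiter);
    // \000 is the PCRE octal escape for NUL; three digits keep a following
    // digit in the literal from being read as part of the escape. If
    // preg_quote() already escaped the byte, nothing is left to replace.
    return str_replace("\0", '\\000', $quoted);
}

// True when a pattern still carries a raw NUL byte, the condition that
// produced "No ending delimiter" in the report.
function pattern_has_raw_nul($pattern)
{
    return strpos($pattern, "\0") !== false;
}

// Constructed sample literals: the report's "a\000b" plus edge cases
// (lone NUL, NUL followed by a digit, NUL next to a metacharacter).
$samples = array("a\000b", "\000", "a\0001", "x.y\000");

foreach ($samples as $literal) {
    $pattern = '/^' . quote_for_pcre($literal) . '$/';
    if (pattern_has_raw_nul($pattern)) {
        // Fail closed instead of handing the engine a pattern with a raw NUL.
        printf("%s: raw NUL left in pattern, refusing to match\n", bin2hex($literal));
        continue;
    }
    // The quoted pattern must match the exact bytes it was built from.
    $matched = preg_match($pattern, $literal);
    printf("%s: pattern=%s preg_match=%s\n",
        bin2hex($literal), $pattern, var_export($matched, true));
}
```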


Last updated: Wed Apr 23 14:02:33 2014 UTC