|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26927 preg_quote and/or preg_match disrespect embedded null chars in strings
Submitted: 2004-01-15 19:45 UTC Modified: 2004-01-15 21:29 UTC
From: ikindred at cox dot net Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.3.4 OS: FreeBSD 4.9
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ikindred at cox dot net
New email:
PHP Version: OS:


 [2004-01-15 19:45 UTC] ikindred at cox dot net
At first glance, either or both of the following are bugs:

1. preg_quote does not properly escape the null character (\000).

2. preg_match chokes on patterns containing unescaped null characters.

I personally want to think that preg_match should be able to handle patterns containing null characters.  However, according to Bug #16590, preg_match's behavior is a feature and not a bug - oh well.  (I also recognize that there may be legitimate performance reasons for disallowing null chars in patterns.)

I therefore claim that preg_quote is buggy should be fixed.  Please note that:

(a) preg_quote ("a\000b") returns "a\000b", so it is not like preg_quote is treating the \000 as an end-of-string character (which would result in "a" being returned).  preg_quote is just passing the \000 through without escaping it.

(b) As far as I can tell, there is no "preg_quote" function in the PCRE library (specifically, there is no function with "quote" as part of its name).  So, as far as I can tell, PHP cannot blame the PCRE for preg_quote's buggy behavior.

Many thanks!

Reproduce code:

$pattern = "/". preg_quote ("a\000b"). "/";
print "preg_match: ". preg_match ($pattern, "a\000b"). "\n";


Expected result:
preg_match: 1

Actual result:
Warning: No ending delimiter '/' found in /<path>/test.php on line 4


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-01-15 21:29 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Jan 22 03:03:33 2022 UTC