Bug #27675 Access Violation
Submitted: 2004-03-24 10:24 UTC
Modified: 2004-03-26 14:16 UTC
Avg. Score: 3.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: marcel at korton dot nl
Assigned: pollita
Status: Closed
Package: Strings related
PHP Version: 5.0.0RC1
OS: win XP
Private report: No
CVE-ID: None


 [2004-03-24 10:24 UTC] marcel at korton dot nl
str_ireplace gives an unexpected result

Reproduce code:
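<?php
// The input starts with the search string '/*<B>'.
$strResult = '/*<B>i see this</B>*/';

echo $strResult;

// The replacement ('<B>') is shorter than the search string ('/*<B>').
$strResult = str_ireplace('/*<B>', '<B>', $strResult);
echo $strResult;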

Expected result:
<B>i see this</B>*/'

Actual result:
PHP has encountered an Access Violation at 00CB7C21/*i see this*/


 [2004-03-25 20:00 UTC] nick at linuxmail dot org
I've noticed this only seems to crash when the replacement string is not the same length as the searched-for string.
 [2004-03-25 20:38 UTC]
Verified the problem. The following patch fixes it for me.

Index: string.c
RCS file: /repository/php-src/ext/standard/string.c,v
retrieving revision 1.413
diff -u -r1.413 string.c
--- string.c    18 Mar 2004 09:48:37 -0000      1.413
+++ string.c    26 Mar 2004 01:46:19 -0000
@@ -3065,6 +3065,10 @@
                                        e += end - p;
                        } else {
+                               haystack_dup = estrndup(haystack, length);
+                               needle_dup = estrndup(needle, needle_len);
+                               php_strtolower(haystack_dup, length);
+                               php_strtolower(needle_dup, needle_len);
                                end = haystack_dup + length;

                                for (p = haystack_dup; (r = php_memnstr(p, needle_dup, needle_len, end)); p = r + needle_len) {
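
Review bot: The two estrndup() allocations added at the top of the else branch (haystack_dup and needle_dup) have no matching efree() anywhere in the visible lines, so please confirm that every path out of this branch releases both copies, including the case where the replacement is longer than the needle and the result has to grow. A one-line comment above the allocations would also help, saying that the lowercased copies exist only for matching with php_memnstr() and stating how positions found in haystack_dup relate to the original haystack, since the loop header alone does not make that clear.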

 [2004-03-26 14:16 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Close, but that'd have introduced a leak for str_ireplaces which expand the length of the string.

Last updated: Sat Feb 24 07:01:28 2024 UTC