|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27675 Access Violation
Submitted: 2004-03-24 10:24 UTC Modified: 2004-03-26 14:16 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: marcel at korton dot nl Assigned: pollita (profile)
Status: Closed Package: Strings related
PHP Version: 5.0.0RC1 OS: win XP
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: marcel at korton dot nl
New email:
PHP Version: OS:


 [2004-03-24 10:24 UTC] marcel at korton dot nl
str_ireplace gives an unexpected result

Reproduce code:
$strResult = '/*<B>i see this</B>*/';

echo $strResult;

$strResult = str_ireplace('/*<B>', '<B>', $strResult );
echo $strResult;

Expected result:
<B>i see this</B>*/'

Actual result:
PHP has encountered an Access Violation at 00CB7C21/*i see this*/


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-25 20:00 UTC] nick at linuxmail dot org
I've noticed this only seems to crash when the replacement string is not the same length as the searched-for string.
 [2004-03-25 20:38 UTC]
Verified the problem. The following patch fixes it for me.

Index: string.c
RCS file: /repository/php-src/ext/standard/string.c,v
retrieving revision 1.413
diff -u -r1.413 string.c
--- string.c    18 Mar 2004 09:48:37 -0000      1.413
+++ string.c    26 Mar 2004 01:46:19 -0000
@@ -3065,6 +3065,10 @@
                                        e += end - p;
                        } else {
+                               haystack_dup = estrndup(haystack, length);
+                               needle_dup = estrndup(needle, needle_len);
+                               php_strtolower(haystack_dup, length);
+                               php_strtolower(needle_dup, needle_len);
                                end = haystack_dup + length;

                                for (p = haystack_dup; (r = php_memnstr(p, needle_dup, needle_len, end)); p = r + needle_len) {

 [2004-03-26 14:16 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Close, but that'd have introduced a leak for str_ireplaces which expand the length of the string.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Mar 26 06:03:39 2023 UTC