php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40915 addcslashes has unexpected behavior with binary input / string terminator
Submitted: 2007-03-26 06:06 UTC Modified: 2007-03-26 10:28 UTC
From: trevor at corevx dot com Assigned: tony2001
Status: Closed Package: Strings related
PHP Version: 5.2.1 OS: Solaris / OS X
Private report: No CVE-ID:
 [2007-03-26 06:06 UTC] trevor at corevx dot com
Description:
------------
When the input to addcslashes contains a NULL character (string terminator, \000) the resulting output is terminated at that point if the NULL character is not deliberately escaped.  

This makes it impossible to use addcslashes for certain special cases with binary data.  If fixed it would be a much more powerful tool.

Reproduce code:
---------------
# Last pair demonstrates issue

$str = "a\000z";

echo $str;                                # => az
strlen( $str );                           # => 3

addslashes( $str );                       # => a\0z
strlen( addslashes( $str ) );             # => 4

addcslashes( $str, "\000z" );             # => a\000\z
strlen( addcslashes( $str, "\000z" ) );   # => 7

addcslashes( $str, "z" );                 # => a
strlen( addcslashes( $str, "z" ) );       # => 1

Expected result:
----------------
echo addcslashes( $str, "z" );            # => a\z
strlen( addcslashes( $str, "z" ) );       # => 4


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-26 10:28 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 16:02:22 2014 UTC