php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40915 addcslashes has unexpected behavior with binary input / string terminator
Submitted: 2007-03-26 06:06 UTC Modified: 2007-03-26 10:28 UTC
From: trevor at corevx dot com Assigned: tony2001 (profile)
Status: Closed Package: Strings related
PHP Version: 5.2.1 OS: Solaris / OS X
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: trevor at corevx dot com
New email:
PHP Version: OS:

 

 [2007-03-26 06:06 UTC] trevor at corevx dot com
Description:
------------
When the input to addcslashes contains a NULL character (string terminator, \000) the resulting output is terminated at that point if the NULL character is not deliberately escaped.  

This makes it impossible to use addcslashes for certain special cases with binary data.  If fixed it would be a much more powerful tool.

Reproduce code:
---------------
# Last pair demonstrates issue

$str = "a\000z";

echo $str;                                # => az
strlen( $str );                           # => 3

addslashes( $str );                       # => a\0z
strlen( addslashes( $str ) );             # => 4

addcslashes( $str, "\000z" );             # => a\000\z
strlen( addcslashes( $str, "\000z" ) );   # => 7

addcslashes( $str, "z" );                 # => a
strlen( addcslashes( $str, "z" ) );       # => 1

Expected result:
----------------
echo addcslashes( $str, "z" );            # => a\z
strlen( addcslashes( $str, "z" ) );       # => 4


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-26 10:28 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 21:01:27 2024 UTC