php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41034 json_encode ignores null byte started keys in arrays
Submitted: 2007-04-10 04:40 UTC Modified: 2009-11-13 14:53 UTC
From: php at sameprecision dot org Assigned: iliaa
Status: Closed Package: JSON related
PHP Version: 5.2.1 OS: suse linux 10, windows XP sp2
Private report: No CVE-ID:
 [2007-04-10 04:40 UTC] php at sameprecision dot org
Description:
------------
If a key in an array starts with the null byte, json_encode ignores that key=>value pair.

This seems wrong because json_encode doesn't care about null bytes anywhere in the value (and neither does javascript, about keys or values).

Reproduce code:
---------------
//works as expected:
echo json_encode(array(0,"a\0b"=>1,"\0null-prefixed value"));

echo "\n\n";

//ignores second element whose key begins with null byte:
echo json_encode(array(0,"\0ab"=>1,"\0null-prefixed value"));

Expected result:
----------------
{"0":0,"a\0b":1,"1":"\0null-prefixed value"}

{"0":0,"\0ab":1,"1":"\0null-prefixed value"}




// \0 represents an actual null byte here

Actual result:
--------------
{"0":0,"a\0b":1,"1":"\0null-prefixed value"}

{"0":0,"1":"\0null-prefixed value"}




// \0 represents an actual null byte here



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-10 17:53 UTC] php at sameprecision dot org
In /ext/json/json.c line 190:

if (key[0] == '\0') {
  /* Skip protected and private members. */
  continue;
}


Looks like condition should be (key[0] == '\0' && strlen(key)==1)
 [2007-04-10 18:06 UTC] php at sameprecision dot org
woops

if (key[0] == '\0' && keylen == 1) {
  /* Skip protected and private members. */
  continue;
}
 [2007-04-10 22:20 UTC] tony2001@php.net
Reassigned to Ilia per his request.
 [2007-04-12 19:40 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 22:02:16 2014 UTC