PHP :: Bug #42861 :: strtr() crashes when $from argument is empty string or null, with Unicode ON

Bug #42861	strtr() crashes when $from argument is empty string or null, with Unicode ON
Submitted:	2007-10-05 06:48 UTC	Modified:	2008-01-21 14:37 UTC
From:	mahesh dot vemula at in dot ibm dot com	Assigned:
Status:	Closed	Package:	Strings related
PHP Version:	6CVS-2007-10-05 (snap)	OS:	RHEL4, Windows XP
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	mahesh dot vemula at in dot ibm dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2007-10-05 06:48 UTC] mahesh dot vemula at in dot ibm dot com

Description:
------------
strtr() crashes on php6 with unicode ON , when $from argument is given as any of the following:
empty string
Null

e.g:
var_dump( strtr("hello", array("" => "string") ) );
var_dump( strtr("hello", "", "string") );

This is applicable for PHP6 with Unicode.

Reproduce code:
---------------
<?php
var_dump( strtr("hello", array("" => "string") ) );
var_dump( strtr("hello", array('' => "string") ) );
var_dump( strtr("hello", array(null => "string") ) );
var_dump( strtr("hello", array(NULL => "string") ) );

var_dump( strtr("hello", "", "string") );
var_dump( strtr("hello", '', "string") );
var_dump( strtr("hello", NULL, "string") );
var_dump( strtr("hello", null, "string") );
?>

Expected result:
----------------
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"
unicode(5) "hello"

Actual result:
--------------
On Windows: crashes
On linux(RHEL4):
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 1066789985 bytes) in %s on line %d

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-11-23 00:28 UTC] felipe@php.net

Works fine. (php6.0-200711202130)

[2008-01-21 13:09 UTC] felipe@php.net

I reproduced the problem.

Simple fix:

Index: ext/standard/string.c
===================================================================
RCS file: /repository/php-src/ext/standard/string.c,v
retrieving revision 1.662
diff -u -u -r1.662 string.c
--- ext/standard/string.c       16 Jan 2008 08:34:06 -0000      1.662
+++ ext/standard/string.c       21 Jan 2008 13:08:25 -0000
@@ -4443,7 +4443,7 @@
        }
 
        if (Z_TYPE_PP(str) == IS_UNICODE) {
-               int outlen;
+               int outlen = 0;
                UChar *outstr;
 
                if (ac == 2) {

[2008-01-21 14:37 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Apr 29 07:01:30 2024 UTC