php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45166 substr() overflow changes
Submitted: 2008-06-04 08:57 UTC Modified: 2008-11-05 18:55 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: marrtins at dqdp dot net Assigned:
Status: Closed Package: Strings related
PHP Version: 5.2 OS:
Private report: No CVE-ID:
 [2008-06-04 08:57 UTC] marrtins at dqdp dot net
Description:
------------
Please add a note in http://lv.php.net/manual/en/function.substr.php that substr() behaviour has been changed on newer versions (actually - why?!). Thanks.

Reproduce code:
---------------
v5.2.0, v4.4.0
php -r "print substr('cd', -3);"

v5.2.3, v5.2.5, v5.2.6
php -r "print substr('cd', -3);"

Expected result:
----------------
v5.2.0, v4.4.0
cd

v5.2.3, v5.2.5, v5.2.6
cd

Actual result:
--------------
v5.2.0, v4.4.0
cd

v5.2.3, v5.2.5, v5.2.6


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-05 16:29 UTC] vrana@php.net
Please specify exact version of the change.
 [2008-11-05 16:45 UTC] marrtins at dqdp dot net
Don`t know *exact* version of change, I have tested on PHP versions listed above and specified behaviours on each that version available to me.
 [2008-11-05 16:49 UTC] philip@php.net
4.3.1 - 5.2.1: cd
5.2.2 - 5.2.6: Boolean false
5.3.0a2: cd
 [2008-11-05 16:50 UTC] philip@php.net
Question: Did 5.3.0 intentionally revert to earlier behaviour? And if not already, we need a test case in php-src for this.
 [2008-11-05 16:54 UTC] marrtins at dqdp dot net
Seems to me it`s a bug, not documention problem.
 [2008-11-05 17:06 UTC] bjori@php.net
See also bug#40754
 [2008-11-05 17:14 UTC] philip@php.net
It appears to be. The change came from the following NEWS entry:

- Fixed bug #40754 (added substr() & substr_replace() overflow checks). (Ilia)

Some concerns were expressed in #40754 about the change... I'm changing this bug to "String related" until we know for sure.
 [2008-11-05 18:55 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 08:02:33 2014 UTC