[2011-01-12 23:24 UTC] felipe@php.net
-Type: Bug
+Type: Feature/Change Request
[2016-07-20 23:36 UTC] cmb@php.net
-Status: Open
+Status: Duplicate
-Assigned To:
+Assigned To: cmb
[2016-07-20 23:36 UTC] cmb@php.net

Description:
------------
php_pcre_replace_impl() responds to all errors in pcre_exec() by doing:

    } else {
        pcre_handle_exec_error(count TSRMLS_CC);
        efree(result);
        result = NULL;
        break;
    }

No warning is raised. This is very scary, since unexpectedly large user input may trigger PCRE_ERROR_MATCHLIMIT or similar. Most code that calls preg_replace() does not check for an error condition, the return value is simply converted to a string. So the net effect is that the string is deleted instead of just having some bits changed in it.

Raising a warning would allow this condition to be more easily detected during testing, and more easily diagnosed during debugging. It would allow fuzz testing to be used. And it would bring preg_replace() into line with general conventions for error reporting in PHP internal functions.

Test script:
---------------
<?php
ini_set('pcre.backtrack_limit', 100);
print preg_replace( '/a.*a/', '', 'a'.str_repeat('b', 1000));

Expected result:
----------------
PHP Warning: pcre.backtrack_limit exceeded in preg_replace() in ....

Actual result:
--------------
Silence.
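
One way a caller can fail closed on the silent NULL return described in this report, as an added example that is not part of the original report or of PHP's own code. `preg_replace_checked()` and `PREG_ERROR_NAMES` are hypothetical names, the bad-UTF-8 input is constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; preg_replace_checked() is a hypothetical helper, not a PHP built-in.
const PREG_ERROR_NAMES = [
    PREG_INTERNAL_ERROR        => 'PREG_INTERNAL_ERROR',
    PREG_BACKTRACK_LIMIT_ERROR => 'PREG_BACKTRACK_LIMIT_ERROR',
    PREG_RECURSION_LIMIT_ERROR => 'PREG_RECURSION_LIMIT_ERROR',
    PREG_BAD_UTF8_ERROR        => 'PREG_BAD_UTF8_ERROR',
    PREG_BAD_UTF8_OFFSET_ERROR => 'PREG_BAD_UTF8_OFFSET_ERROR',
    PREG_JIT_STACKLIMIT_ERROR  => 'PREG_JIT_STACKLIMIT_ERROR',
];

function preg_replace_checked(string $pattern, string $replacement, string $subject): string
{
    $result = preg_replace($pattern, $replacement, $subject);
    if ($result === null) {
        // NULL means the engine gave up; never let it be coerced to ''.
        $code = preg_last_error();
        throw new RuntimeException('preg_replace() failed: ' . (PREG_ERROR_NAMES[$code] ?? "error $code"));
    }
    return $result;
}

ini_set('pcre.jit', '0');               // assumption: interpreter path, not JIT
ini_set('pcre.backtrack_limit', '100'); // limit from the report's test script

$cases = [
    // Input from the report; whether it reaches the limit can depend on the PCRE build.
    'report input' => ['/a.*a/', 'a' . str_repeat('b', 1000)],
    // Constructed input: invalid UTF-8 under /u also makes preg_replace() return NULL.
    'bad UTF-8'    => ['/b+/u', "ab\xFFc"],
];

foreach ($cases as $label => [$pattern, $subject]) {
    // What most callers do: NULL is coerced to '', so the whole string vanishes.
    $unchecked = (string) preg_replace($pattern, '', $subject);
    printf("%s, unchecked: %d of %d bytes kept\n", $label, strlen($unchecked), strlen($subject));
    try {
        $checked = preg_replace_checked($pattern, '', $subject);
        printf("%s, checked: %d bytes kept\n", $label, strlen($checked));
    } catch (RuntimeException $e) {
        printf("%s, checked: %s\n", $label, $e->getMessage());
    }
}
```

Where the unchecked line reports 0 bytes kept, the checked call names the PCRE error instead of handing an empty string to the rest of the application.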