php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #53685 Raise E_WARNING before returning NULL from preg_replace()
Submitted: 2011-01-07 03:51 UTC Modified: 2016-07-20 23:36 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (25.0%)
From: tstarling at wikimedia dot org Assigned: cmb (profile)
Status: Duplicate Package: PCRE related
PHP Version: 5.3SVN-2011-01-07 (SVN) OS:
Private report: No CVE-ID: None
 [2011-01-07 03:51 UTC] tstarling at wikimedia dot org
Description:
------------
php_pcre_replace_impl() responds to all errors in pcre_exec() by doing:

} else {
	pcre_handle_exec_error(count TSRMLS_CC);
	efree(result);
	result = NULL;
	break;
}

No warning is raised. This is very scary, since unexpectedly large user input may trigger PCRE_ERROR_MATCHLIMIT or similar. Most code that calls preg_replace() does not check for an error condition, the return value is simply converted to a string. So the net effect is that the string is deleted instead of just having some bits changed in it. 

Raising a warning would allow this condition to be more easily detected during testing, and more easily diagnosed during debugging. It would allow fuzz testing to be used. And it would bring preg_replace() into line with general conventions for error reporting in PHP internal functions.

Test script:
---------------
ini_set('pcre.backtrack_limit', 100)
print preg_replace( '/a.*a/', '', 'a'.str_repeat('b', 1000))


Expected result:
----------------
PHP Warning: pcre.backtrack_limit exceeded in preg_replace() in ....

Actual result:
--------------
Silence.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-12 23:24 UTC] felipe@php.net
-Type: Bug +Type: Feature/Change Request
 [2016-07-20 23:36 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2016-07-20 23:36 UTC] cmb@php.net
This is a duplicate of request #51103.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Oct 24 12:01:23 2020 UTC