php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54556 array access to empty var does not trigger a notice
Submitted: 2011-04-18 10:23 UTC Modified: 2017-10-24 05:22 UTC
Votes:19
Avg. Score:4.3 ± 0.8
Reproduced:15 of 15 (100.0%)
Same Version:3 (20.0%)
Same OS:2 (13.3%)
From: kal dot el dot ias at gmx dot net Assigned: dmitry (profile)
Status: Assigned Package: Scripting Engine problem
PHP Version: trunk-SVN-2011-04-18 (snap) OS: Ubuntu 10.04.2 LTS
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: kal dot el dot ias at gmx dot net
New email:
PHP Version: OS:

 

 [2011-04-18 10:23 UTC] kal dot el dot ias at gmx dot net
Description:
------------
see script

Test script:
---------------
<?php

class Foo {
  private $bar;
  function nonotice(){
    var_dump($this->bar['yeah']);
  }
}

$foo = new Foo();
$foo->nonotice();

Expected result:
----------------
notice: access to undefined array blah

Actual result:
--------------
NULL

Patches

wrong-array-access.diff (last revision 2011-09-14 13:51 UTC) by dmitry@php.net)
php-5-3-use-a-null-as-array-trigger-notice (last revision 2011-07-26 11:12 UTC) by laruence@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-18 10:59 UTC] kal dot el dot ias at gmx dot net
hmm, it's the same for normal variables and it's not an error reporting problem.

<?php
error_reporting(E_ALL);
$foo = null;
var_dump($bar, $foo['blah']);

OUTPUT:
PHP Notice:  Undefined variable: bar in /tmp/test2.php on line 5
NULL
NULL

--

well, i had the feeling that array access on null values would cause an notice.
 [2011-04-26 14:42 UTC] kal dot el dot ias at gmx dot net
bump
 [2011-04-27 09:56 UTC] kal dot el dot ias at gmx dot net
-Summary: array access to empty class member does not trigger a notice +Summary: array access to empty var does not trigger a notice
 [2011-04-27 09:56 UTC] kal dot el dot ias at gmx dot net
title changed
 [2011-06-05 03:48 UTC] felipe@php.net
-Package: Class/Object related +Package: Scripting Engine problem
 [2011-07-25 05:28 UTC] laruence@php.net
-Status: Open +Status: Verified
 [2011-07-25 05:29 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: php-5-3-use-a-null-as-array-trigger-notice
Revision:   1311586169
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=php-5-3-use-a-null-as-array-trigger-notice&revision=1311586169
 [2011-07-25 05:40 UTC] laruence@php.net
I have submit a patch for this.
and I think this situation should trigger a notice to help developers aware of 
this. since this mostly might be bad codes..
 [2011-07-25 12:10 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: php-5-3-use-a-null-as-array-trigger-notice
Revision:   1311595852
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=php-5-3-use-a-null-as-array-trigger-notice&revision=1311595852
 [2011-07-26 11:12 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: php-5-3-use-a-null-as-array-trigger-notice
Revision:   1311678742
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=php-5-3-use-a-null-as-array-trigger-notice&revision=1311678742
 [2011-09-14 07:28 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2011-09-14 07:28 UTC] laruence@php.net
dmitry, plz look at this, thanks
 [2011-09-14 13:51 UTC] dmitry@php.net
The following patch has been added/updated:

Patch Name: wrong-array-access.diff
Revision:   1316008264
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=wrong-array-access.diff&revision=1316008264
 [2011-09-14 13:53 UTC] dmitry@php.net
I've added a bit better patch (for trunk), but I'm not sure we need it.
At least it "breaks" about 30 tests.
 [2013-02-12 16:45 UTC] gtisza at gmail dot com
The same happens with every non-string scalar value, not just null:

<?php
error_reporting(E_ALL|E_STRICT);
$arr = false;
var_dump($arr['foo']['bar']['baz']); // NULL
?>

This is a major problem as lots of data access functions return null or false if the key is not found (memcached for example, or may active record libraries), so this bug can easily lead to unexpected behavior. In unfortunate cases (e.g. trying to load a usergroup blacklist from database) it might even lead to authentication bypass vulnerabilities and other severe security issues.
 [2014-10-07 13:34 UTC] mathiasgrimm at gmail dot com
I had the same a few days ago.
This behaviour occurs since php 4. I have never noticed that before.

https://bugs.php.net/bug.php?id=68110
 [2015-02-11 18:39 UTC] kevin dot sours at internetbrands dot com
There has been a patch for this for 4 years?  Any plans to land that in a release?
 [2016-10-06 15:29 UTC] bburnichon at gmail dot com
Bug is present for a really long time now.

https://3v4l.org/RUaHX

present in all versions since php 4!
Please fix this, some bad coding can lead to security vulnerabilities.
 [2017-10-24 05:22 UTC] kalle@php.net
-Status: Verified +Status: Assigned
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC