php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54556 array access to empty var does not trigger a notice
Submitted: 2011-04-18 10:23 UTC Modified: 2019-08-29 12:55 UTC
Votes:24
Avg. Score:4.2 ± 0.8
Reproduced:19 of 19 (100.0%)
Same Version:3 (15.8%)
Same OS:2 (10.5%)
From: kal dot el dot ias at gmx dot net Assigned: dmitry (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: trunk-SVN-2011-04-18 (snap) OS: Ubuntu 10.04.2 LTS
Private report: No CVE-ID: None
 [2011-04-18 10:23 UTC] kal dot el dot ias at gmx dot net
Description:
------------
see script

Test script:
---------------
<?php

class Foo {
  private $bar;
  function nonotice(){
    var_dump($this->bar['yeah']);
  }
}

$foo = new Foo();
$foo->nonotice();

Expected result:
----------------
notice: access to undefined array blah

Actual result:
--------------
NULL

Patches

wrong-array-access.diff (last revision 2011-09-14 13:51 UTC by dmitry@php.net)
php-5-3-use-a-null-as-array-trigger-notice (last revision 2011-07-26 11:12 UTC by laruence@php.net)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-18 10:59 UTC] kal dot el dot ias at gmx dot net
hmm, it's the same for normal variables and it's not an error reporting problem.

<?php
error_reporting(E_ALL);
$foo = null;
var_dump($bar, $foo['blah']);

OUTPUT:
PHP Notice:  Undefined variable: bar in /tmp/test2.php on line 5
NULL
NULL

--

well, i had the feeling that array access on null values would cause an notice.
 [2011-04-26 14:42 UTC] kal dot el dot ias at gmx dot net
bump
 [2011-04-27 09:56 UTC] kal dot el dot ias at gmx dot net
-Summary: array access to empty class member does not trigger a notice +Summary: array access to empty var does not trigger a notice
 [2011-04-27 09:56 UTC] kal dot el dot ias at gmx dot net
title changed
 [2011-06-05 03:48 UTC] felipe@php.net
-Package: Class/Object related +Package: Scripting Engine problem
 [2011-07-25 05:28 UTC] laruence@php.net
-Status: Open +Status: Verified
 [2011-07-25 05:29 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: php-5-3-use-a-null-as-array-trigger-notice
Revision:   1311586169
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=php-5-3-use-a-null-as-array-trigger-notice&revision=1311586169
 [2011-07-25 05:40 UTC] laruence@php.net
I have submit a patch for this.
and I think this situation should trigger a notice to help developers aware of 
this. since this mostly might be bad codes..
 [2011-07-25 12:10 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: php-5-3-use-a-null-as-array-trigger-notice
Revision:   1311595852
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=php-5-3-use-a-null-as-array-trigger-notice&revision=1311595852
 [2011-07-26 11:12 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: php-5-3-use-a-null-as-array-trigger-notice
Revision:   1311678742
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=php-5-3-use-a-null-as-array-trigger-notice&revision=1311678742
 [2011-09-14 07:28 UTC] laruence@php.net
-Assigned To: +Assigned To: dmitry
 [2011-09-14 07:28 UTC] laruence@php.net
dmitry, plz look at this, thanks
 [2011-09-14 13:51 UTC] dmitry@php.net
The following patch has been added/updated:

Patch Name: wrong-array-access.diff
Revision:   1316008264
URL:        https://bugs.php.net/patch-display.php?bug=54556&patch=wrong-array-access.diff&revision=1316008264
 [2011-09-14 13:53 UTC] dmitry@php.net
I've added a bit better patch (for trunk), but I'm not sure we need it.
At least it "breaks" about 30 tests.
 [2013-02-12 16:45 UTC] gtisza at gmail dot com
The same happens with every non-string scalar value, not just null:

<?php
error_reporting(E_ALL|E_STRICT);
$arr = false;
var_dump($arr['foo']['bar']['baz']); // NULL
?>

This is a major problem as lots of data access functions return null or false if the key is not found (memcached for example, or may active record libraries), so this bug can easily lead to unexpected behavior. In unfortunate cases (e.g. trying to load a usergroup blacklist from database) it might even lead to authentication bypass vulnerabilities and other severe security issues.
 [2014-10-07 13:34 UTC] mathiasgrimm at gmail dot com
I had the same a few days ago.
This behaviour occurs since php 4. I have never noticed that before.

https://bugs.php.net/bug.php?id=68110
 [2015-02-11 18:39 UTC] kevin dot sours at internetbrands dot com
There has been a patch for this for 4 years?  Any plans to land that in a release?
 [2016-10-06 15:29 UTC] bburnichon at gmail dot com
Bug is present for a really long time now.

https://3v4l.org/RUaHX

present in all versions since php 4!
Please fix this, some bad coding can lead to security vulnerabilities.
 [2017-10-24 05:22 UTC] kalle@php.net
-Status: Verified +Status: Assigned
 [2019-05-05 01:26 UTC] carusogabriel@php.net
The following pull request has been associated:

Patch Name: Fix #37676 : Add E_WARNING when using array-index on non valid container
On GitHub:  https://github.com/php/php-src/pull/2031
Patch:      https://github.com/php/php-src/pull/2031.patch
 [2019-08-29 12:55 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 [2019-08-29 12:55 UTC] nikic@php.net
This generates

Notice: Trying to access array offset on value of type null

on PHP 7.4.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 00:01:28 2024 UTC