|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67069 substr_compare() returns incorrect results when using default length
Submitted: 2014-04-13 22:42 UTC Modified: 2014-04-13 23:06 UTC
From: nachms+php at gmail dot com Assigned:
Status: Duplicate Package: Strings related
PHP Version: 5.5.11 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: nachms+php at gmail dot com
New email:
PHP Version: OS:


 [2014-04-13 22:42 UTC] nachms+php at gmail dot com
PHP in 5.5.11 is returning incorrect results from substr_compare() when length is left as the default setting. In 5.5.10, it worked correctly.

String checks returning equal when they are not equal is a security hole. Any application checking the end of a string to equal something, perhaps a user name, password, perhaps the extension on file types, or other file paths, is now going to think things are equal when they in fact are not.

The documentation for this function:
States if the length parameter is not passed:
"The default value is the largest of the length of the str compared to the length of main_str less the offset."

Or in other words, max(main_str - offset, str), meaning it compares for whatever amount is left over in in the two strings.

However, in the included test, it seems lenth is always being set to 0.

Test script:
echo substr_compare('Cows',  'ws',  2), "\n";
echo substr_compare('Cows',  'ws',  -2), "\n";
echo substr_compare('Cows',  'ows',  3), "\n";
echo substr_compare('Cows',  'ows',  -3), "\n";
echo substr_compare('Cows',  'aws',  3), "\n";
echo substr_compare('Cows',  'aws',  -3), "\n";

Expected result:

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-04-13 22:53 UTC]
-Type: Security +Type: Bug
 [2014-04-13 23:06 UTC]
-Status: Open +Status: Duplicate
 [2014-04-13 23:06 UTC]
Looks like dupe of #67043, at least I am not seeing problems after the fix is applied. Please reopen if you still see it after updating to latest code.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 25 09:01:29 2024 UTC