php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70697 json_decode fatal error instead of parse error
Submitted: 2015-10-12 12:30 UTC Modified: 2015-10-21 19:44 UTC
From: glen at delfi dot ee Assigned: bukka (profile)
Status: Duplicate Package: JSON related
PHP Version: 5.6.14 OS:
Private report: No CVE-ID: None
 [2015-10-12 12:30 UTC] glen at delfi dot ee
Description:
------------
json with "\0000token" causes fatal error when decoding $assoc=true, however it passes with $assoc=false.

it should return NULL and set json_last_error flag:

➔ php56 t.php 
int(1)
array(1) {
  ["foo"]=>
  array(1) {
    ["l"]=>
    array(1) {
      ["uid"]=>
      string(0) ""
    }
  }
}
PHP Fatal error:  Cannot access property started with '\0' in t.php on line 4
➔ cat t.php 
<?php

var_dump(1, json_decode('{"foo": {"\u0000l": {"uid":""} } }', true));
var_dump(2, json_decode('{"foo": {"\u0000l": {"uid":""} } }', false));
➔ 



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-12 14:42 UTC] glen at delfi dot ee
here's some research what the '\0' thing used to be:

http://stackoverflow.com/a/5484777/2314626
 [2015-10-12 14:43 UTC] glen at delfi dot ee
could this be changed to catchable error?
or completely removed now that Reflection solves the hack need?
 [2015-10-12 14:49 UTC] glen at delfi dot ee
found related bug: https://bugs.php.net/bug.php?id=68546

but it does not have information in what version it was implemented
 [2015-10-21 17:56 UTC] bukka@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: bukka
 [2015-10-21 17:56 UTC] bukka@php.net
This has been fixed and is part of 7.0. It's also a duplicate of https://bugs.php.net/bug.php?id=68546 as noted in previous comment.
 [2015-10-21 19:44 UTC] glen at delfi dot ee
any chance to backport it to 5.6?
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Sep 21 09:01:27 2019 UTC