Bug #71994 Octal escape sequences are not checked for overflow
Submitted: 2016-04-08 19:58 UTC Modified: 2018-11-23 09:23 UTC
Votes:2
Avg. Score:4.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: dragondreamer at live dot com Assigned: pollita (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
 [2016-04-08 19:58 UTC] dragondreamer at live dot com
Description:
------------
Octal escape sequences in double quotes or backticks are not checked for overflow.

Test script:
---------------
<?php
echo ord("\777"[0]) . PHP_EOL;
echo ord("\666"[0]) . PHP_EOL;
echo ord("\555"[0]) . PHP_EOL;

Expected result:
----------------
Some kind of error, because all of the \777, \666 and \555 sequences are invalid: their values are greater than 255.

Actual result:
--------------
255
182
109

 [2016-04-09 08:59 UTC] cmb@php.net
-Package: *Compile Issues +Package: Scripting Engine problem
 [2016-05-10 20:21 UTC] pollita@php.net
-Assigned To: +Assigned To: pollita
 [2016-05-14 00:28 UTC] pollita@php.net
-Status: Assigned +Status: Closed
 [2016-05-14 00:28 UTC] pollita@php.net
Agreed course of action is that as of PHP 7.1 we'll raise a compile time warning, but continue to allow the value to overflow.  At a later time, this may be promoted to a full error, but for now we're keeping BC.
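Why the test script prints 255, 182 and 109, and what a warn-but-keep-the-value check looks like, shown as an added example in C. This is not PHP's scanner code, and `decode_octal_escape` and `struct octal_escape` are hypothetical names. Three octal digits can encode values up to 511, but only the low 8 bits fit in the resulting byte.

```c
#include <stddef.h>
#include <stdio.h>

/* Result of decoding one octal escape such as "\777" (hypothetical type). */
struct octal_escape {
    unsigned char byte;     /* value that ends up in the string (low 8 bits) */
    unsigned int  value;    /* full numeric value of the digits, 0..511      */
    size_t        length;   /* characters consumed, including the backslash  */
    int           overflow; /* 1 when value is greater than 0377 (255)       */
};

/* Decode a backslash followed by one to three octal digits.
 * Returns 0 on success, -1 if s does not start with an octal escape. */
int decode_octal_escape(const char *s, struct octal_escape *out)
{
    if (s == NULL || out == NULL || s[0] != '\\')
        return -1;

    unsigned int value = 0;
    size_t i = 1;
    while (i <= 3 && s[i] >= '0' && s[i] <= '7') {
        value = value * 8 + (unsigned int)(s[i] - '0');
        i++;
    }
    if (i == 1)
        return -1;                      /* backslash without octal digits */

    out->value = value;
    out->byte = (unsigned char)(value & 0xFF); /* silent wrap-around */
    out->length = i;
    out->overflow = value > 0377;       /* the check the report asks for */
    return 0;
}

int main(void)
{
    /* Constructed samples: the three from the test script plus two valid ones. */
    const char *samples[] = { "\\777", "\\666", "\\555", "\\377", "\\101" };
    for (size_t n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        struct octal_escape e;
        if (decode_octal_escape(samples[n], &e) != 0)
            continue;
        printf("%s -> %u%s\n", samples[n], (unsigned int)e.byte,
               e.overflow ? "  (warning: overflow, value wrapped)" : "");
    }
    return 0;
}
```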
 [2018-11-23 09:23 UTC] dragondreamer at live dot com
-: temp at temp dot ru +: dragondreamer at live dot com
 [2018-11-23 09:23 UTC] dragondreamer at live dot com
Edit e-mail address
Last updated: Sat Nov 23 21:01:28 2024 UTC