php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #76124 Better way to detect PCRE errors such as invalid patterns
Submitted: 2018-03-21 11:53 UTC Modified: 2018-03-21 17:28 UTC
Votes:2
Avg. Score:2.0 ± 1.0
Reproduced:0 of 0 (0.0%)
From: graefrath at femu dot rwth-aachen dot de Assigned:
Status: Open Package: PCRE related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: graefrath at femu dot rwth-aachen dot de
New email:
PHP Version: OS:

 

 [2018-03-21 11:53 UTC] graefrath at femu dot rwth-aachen dot de 
Description:
------------
preg_match returns false in case of an error. However, not all errors that can occur have corresponding error codes returned by preg_last_error. Additionally, the last error is not cleared when a PCRE function is called and there is no function to manually clear it. This makes it very hard to reliably detect errors such as invalid patterns. Consider the following example:

@preg_match("/./u", "\xff"); // returns false and sets preg_last_error to PREG_BAD_UTF8_ERROR

@preg_match("invalidpattern", ""); // returns false, but preg_last_error is still PREG_BAD_UTF8_ERROR

The only way to detect the invalid pattern error is to catch the PHP warning that is being raised. This seems really inconsistent to me. Since PHP < 7 does not have error_clear_last yet, it is also not trivial to figure out whether you have to look at the last PHP error or the last PCRE error, since a PHP error message starting with preg_ could also be from a previous call.

Expected result:
----------------
I expect the return value of preg_last_error to reflect all kinds of errors correctly, not just some of them.

Actual result:
--------------
preg_last_error returns a valid error code only for some errors, while other are indicated by PHP warnings.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-03-21 16:30 UTC] cmb@php.net 
> Additionally, the last error is not cleared when a PCRE function
is called […]

In my opinion, this is a bug.
 [2018-03-21 17:28 UTC] graefrath at femu dot rwth-aachen dot de 
If the next preg_match call succeeds, the last error is indeed cleared (reset to PREG_NO_ERROR). So there is no problem there. Only when the call fails due to an error that does not have an error code, such as an invalid pattern, the last error is left unchanged. Technically, it's just a warning. So I'm guessing this is actually the intended behavior and not a bug. But to me, an invalid pattern should really be an error with a proper PREG_ code. Having to use two different mechanisms to catch all possible errors (and warnings) seems a little convoluted.

Additionally, the documentation for preg_match doesn't mention any PHP warnings. I suppose there are other situations that can give you warnings as well.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 10:01:29 2024 UTC