|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77454 mb_scrub() silently truncates after a null byte
Submitted: 2019-01-13 16:27 UTC Modified: 2019-01-14 09:07 UTC
From: 64796c6e69 at gmail dot com Assigned: nikic (profile)
Status: Closed Package: mbstring related
PHP Version: master-Git-2019-01-13 (Git) OS: any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: 64796c6e69 at gmail dot com
New email:
PHP Version: OS:


 [2019-01-13 16:27 UTC] 64796c6e69 at gmail dot com
mb_scrub() silently truncates anything after a null byte in a string.

This bug has existed since the function was created.

The arguments are read correctly, but the returned value ignores the length:

Test script:
$str = "before\0after";
var_dump(mb_scrub($str, 'latin1'));
var_dump(mb_scrub($str, 'utf-8'));
var_dump(mb_scrub($str, 'ascii'));

Expected result:
There should be a null byte in each of these.

string(12) "beforeafter"
string(12) "beforeafter"
string(12) "beforeafter"

Actual result:
string(6) "before"
string(6) "before"
string(6) "before"


mb_scrub.patch (last revision 2019-01-13 16:27 UTC by 64796c6e69 at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-13 16:31 UTC] 64796c6e69 at gmail dot com
-Operating System: Linux +Operating System: any
 [2019-01-13 16:31 UTC] 64796c6e69 at gmail dot com
Updating OS.
 [2019-01-13 16:36 UTC]
-Type: Security +Type: Bug
 [2019-01-14 09:07 UTC]
-Assigned To: +Assigned To: nikic
 [2019-01-14 09:24 UTC]
Automatic comment on behalf of
Log: Fixed bug #77454
 [2019-01-14 09:24 UTC]
-Status: Assigned +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Apr 15 03:01:28 2024 UTC