|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79899 assert() is not binary-safe
Submitted: 2020-07-26 18:14 UTC Modified: 2021-03-12 11:25 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: fpoirotte+php-bugs at gmail dot com Assigned: cmb (profile)
Status: Wont fix Package: PHP options/info functions
PHP Version: 7.4.8 OS: Debian GNU/Linux Bullseye
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2020-07-26 18:14 UTC] fpoirotte+php-bugs at gmail dot com
The $description argument of assert() is not binary-safe.
When the description is displayed, it will get truncated at the first null (\0) byte.

Test script:

// run with: php -d zend.assertions=1 -f /tmp/test.php

ini_set("display_errors", 1);
assert_options(ASSERT_ACTIVE, true);
assert_options(ASSERT_WARNING, true);

assert(false, "foo\000bar");

Expected result:
Warning: assert(): foobar failed in /tmp/test.php on line 10

Actual result:
Warning: assert(): foo failed in /tmp/test.php on line 10


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-27 15:27 UTC]
-Package: Unknown/Other Function +Package: PHP options/info functions
 [2021-03-12 11:25 UTC]
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2021-03-12 11:25 UTC]
Using assert_options() is discouraged as of PHP 7.0.0, and I don't
see any valid reason not to enable assert.exception (what is
actually the default as of PHP 8.0.0), since assertions are a
development feature, and a failing assertion hints at a
programming error.  The exception shows the full description, so
there is no issue, besides that there is no good reason to include
NUL bytes in the description in the first place.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue May 11 11:01:23 2021 UTC