|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79899 assert() is not binary-safe
Submitted: 2020-07-26 18:14 UTC Modified: 2021-03-12 11:25 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: fpoirotte+php-bugs at gmail dot com Assigned: cmb (profile)
Status: Wont fix Package: PHP options/info functions
PHP Version: 7.4.8 OS: Debian GNU/Linux Bullseye
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: fpoirotte+php-bugs at gmail dot com
New email:
PHP Version: OS:


 [2020-07-26 18:14 UTC] fpoirotte+php-bugs at gmail dot com
The $description argument of assert() is not binary-safe.
When the description is displayed, it will get truncated at the first null (\0) byte.

Test script:

// run with: php -d zend.assertions=1 -f /tmp/test.php

ini_set("display_errors", 1);
assert_options(ASSERT_ACTIVE, true);
assert_options(ASSERT_WARNING, true);

assert(false, "foo\000bar");

Expected result:
Warning: assert(): foobar failed in /tmp/test.php on line 10

Actual result:
Warning: assert(): foo failed in /tmp/test.php on line 10


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-27 15:27 UTC]
-Package: Unknown/Other Function +Package: PHP options/info functions
 [2021-03-12 11:25 UTC]
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2021-03-12 11:25 UTC]
Using assert_options() is discouraged as of PHP 7.0.0, and I don't
see any valid reason not to enable assert.exception (what is
actually the default as of PHP 8.0.0), since assertions are a
development feature, and a failing assertion hints at a
programming error.  The exception shows the full description, so
there is no issue, besides that there is no good reason to include
NUL bytes in the description in the first place.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu May 13 07:01:23 2021 UTC