php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79899 assert() is not binary-safe
Submitted: 2020-07-26 18:14 UTC Modified: 2021-03-12 11:25 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: fpoirotte+php-bugs at gmail dot com Assigned: cmb (profile)
Status: Wont fix Package: PHP options/info functions
PHP Version: 7.4.8 OS: Debian GNU/Linux Bullseye
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: fpoirotte+php-bugs at gmail dot com
New email:
PHP Version: OS:

 

 [2020-07-26 18:14 UTC] fpoirotte+php-bugs at gmail dot com 
Description:
------------
The $description argument of assert() is not binary-safe.
When the description is displayed, it will get truncated at the first null (\0) byte.

Test script:
---------------
<?php

// run with: php -d zend.assertions=1 -f /tmp/test.php

error_reporting(E_ALL);
ini_set("display_errors", 1);
assert_options(ASSERT_ACTIVE, true);
assert_options(ASSERT_WARNING, true);

assert(false, "foo\000bar");

Expected result:
----------------
Warning: assert(): foobar failed in /tmp/test.php on line 10

Actual result:
--------------
Warning: assert(): foo failed in /tmp/test.php on line 10

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-27 15:27 UTC] cmb@php.net
-Package: Unknown/Other Function +Package: PHP options/info functions
 [2021-03-12 11:25 UTC] cmb@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2021-03-12 11:25 UTC] cmb@php.net 
Using assert_options() is discouraged as of PHP 7.0.0, and I don't
see any valid reason not to enable assert.exception (what is
actually the default as of PHP 8.0.0), since assertions are a
development feature, and a failing assertion hints at a
programming error.  The exception shows the full description, so
there is no issue, besides that there is no good reason to include
NUL bytes in the description in the first place.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 20:01:29 2024 UTC