php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8421 preg_split() reproduce crash if (argc == 1)
Submitted: 2000-12-26 04:03 UTC Modified: 2000-12-27 09:00 UTC
From: sagawa at sohgoh dot net Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.0.4 OS: Linux, Win32, Solaris and other
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sagawa at sohgoh dot net
New email:
PHP Version: OS:

 

 [2000-12-26 04:03 UTC] sagawa at sohgoh dot net
When preg_split's argc is only 1, like preg_split("/foo/"),
reproduce crash.
The cause of this problem is to forget the check of argc==1
in ext/pcre/php_pcre.c line 1070.

  1068 /* Get function parameters and do error checking */
  1069 argc = ZEND_NUM_ARGS();
  1070 if (argc < 1 || argc > 4 ||
zend_get_parameters_ex(argc, &regex, &subject, &limit,
&flags) == FAILURE) {
  1071        WRONG_PARAM_COUNT;
  1072 }

Thus this should be
  1070 if (argc < 2 || argc >4 || ...

This problem reason is very clear, so I don't attach gdb
backtrace. Thank you.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-12-27 09:00 UTC] andrei@php.net
Fixed in CVS.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 18 02:01:26 2018 UTC