|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8421 preg_split() reproduce crash if (argc == 1)
Submitted: 2000-12-26 04:03 UTC Modified: 2000-12-27 09:00 UTC
From: sagawa at sohgoh dot net Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.0.4 OS: Linux, Win32, Solaris and other
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: sagawa at sohgoh dot net
New email:
PHP Version: OS:


 [2000-12-26 04:03 UTC] sagawa at sohgoh dot net
When preg_split's argc is only 1, like preg_split("/foo/"),
reproduce crash.
The cause of this problem is to forget the check of argc==1
in ext/pcre/php_pcre.c line 1070.

  1068 /* Get function parameters and do error checking */
  1069 argc = ZEND_NUM_ARGS();
  1070 if (argc < 1 || argc > 4 ||
zend_get_parameters_ex(argc, &regex, &subject, &limit,
&flags) == FAILURE) {
  1071        WRONG_PARAM_COUNT;
  1072 }

Thus this should be
  1070 if (argc < 2 || argc >4 || ...

This problem reason is very clear, so I don't attach gdb
backtrace. Thank you.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-12-27 09:00 UTC]
Fixed in CVS.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Oct 19 16:03:35 2021 UTC