Bug #8421 preg_split() reproduce crash if (argc == 1)
Submitted: 2000-12-26 04:03 UTC Modified: 2000-12-27 09:00 UTC
From: sagawa at sohgoh dot net Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.0.4 OS: Linux, Win32, Solaris and other
Private report: No CVE-ID: None

 
 [2000-12-26 04:03 UTC] sagawa at sohgoh dot net
When preg_split's argc is only 1, like preg_split("/foo/"),
it crashes reproducibly.
The cause of this problem is a missing check for argc==1
in ext/pcre/php_pcre.c line 1070.

  1068 /* Get function parameters and do error checking */
  1069 argc = ZEND_NUM_ARGS();
  1070 if (argc < 1 || argc > 4 || zend_get_parameters_ex(argc, &regex, &subject, &limit, &flags) == FAILURE) {
  1071        WRONG_PARAM_COUNT;
  1072 }

Thus this should be
  1070 if (argc < 2 || argc >4 || ...

The reason for this problem is very clear, so I am not attaching a gdb
backtrace. Thank you.
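
The lower-bound mistake described in the report, as an added example that is not code from php_pcre.c: `fetch_params` is a hypothetical stand-in for zend_get_parameters_ex(), assumed to write only the first argc out-pointers, and the return codes and sample arguments are constructed for the illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

enum { PARAMS_OK = 0, PARAMS_WRONG_COUNT = -1, PARAMS_REQUIRED_UNSET = 1 };

/* Constructed sample argument lists. */
static const char *ONE_ARG[]  = { "/foo/" };
static const char *TWO_ARGS[] = { "/foo/", "a foo b" };

/* Hypothetical stand-in for zend_get_parameters_ex(): assumed to write only
 * the first `argc` out-pointers and leave the remaining ones untouched. */
static int fetch_params(int argc, const char **passed, ...)
{
    va_list ap;
    va_start(ap, passed);
    for (int i = 0; i < argc; i++) {
        const char **out = va_arg(ap, const char **);
        *out = passed[i];
    }
    va_end(ap);
    return 0;
}

/* min_args is the lower bound in the argc check: 1 is the check quoted in
 * the report, 2 is the bound the reporter proposes. */
int split_param_check(int min_args, int argc, const char **passed)
{
    /* NULL so the example can detect "never written"; the real locals are
     * assumed to start out uninitialized, which is what makes use unsafe. */
    const char *regex = NULL, *subject = NULL, *limit = NULL, *flags = NULL;

    if (argc < min_args || argc > 4 ||
        fetch_params(argc, passed, &regex, &subject, &limit, &flags) != 0)
        return PARAMS_WRONG_COUNT;

    /* regex and subject are mandatory; limit and flags are optional. */
    if (regex == NULL || subject == NULL)
        return PARAMS_REQUIRED_UNSET;   /* caller would go on to use subject */
    return PARAMS_OK;
}

int main(void)
{
    printf("argc < 1 check, 1 arg:  %d\n", split_param_check(1, 1, ONE_ARG));
    printf("argc < 2 check, 1 arg:  %d\n", split_param_check(2, 1, ONE_ARG));
    printf("argc < 2 check, 2 args: %d\n", split_param_check(2, 2, TWO_ARGS));
    return 0;
}
```

With the lower bound at 1, a single-argument call passes the count check while the mandatory subject pointer is never written; with the bound at 2 the same call is rejected before any pointer is used.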

 [2000-12-27 09:00 UTC] andrei@php.net
Fixed in CVS.
Last updated: Fri Mar 22 02:01:26 2019 UTC