diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2019-01-14 10:21:41 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-01-14 10:22:48 +0100 |
commit | 3ad0ebdf5cdc6dbe077685907d012eaeac7ea6e4 (patch) | |
tree | f8cd9879266b22f35bbd295e61df62ff133c4369 | |
parent | 8f66ca8189fb603d69f6ff486341c4afa7ac93c1 (diff) | |
download | php-git-3ad0ebdf5cdc6dbe077685907d012eaeac7ea6e4.tar.gz |
Fixed bug #77454
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/mbstring/mbstring.c | 11 | ||||
-rw-r--r-- | ext/mbstring/tests/bug77454.phpt | 16 |
3 files changed, 25 insertions, 6 deletions
@@ -11,6 +11,10 @@ PHP NEWS . Fixed bug #77272 (imagescale() may return image resource on failure). (cmb) . Fixed bug #77391 (1bpp BMPs may fail to be loaded). (Romain Déoux, cmb) +- Mbstring: + . Fixed bug #77454 (mb_scrub() silently truncates after a null byte). + (64796c6e69 at gmail dot com) + - MySQLnd: . Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility). (Anatol) diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index 2ec7f1a3a8..9973313985 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -5260,11 +5260,9 @@ PHP_FUNCTION(mb_chr) /* }}} */ -static inline char* php_mb_scrub(const char* str, size_t str_len, const char* enc) +static inline char* php_mb_scrub(const char* str, size_t str_len, const char* enc, size_t *ret_len) { - size_t ret_len; - - return php_mb_convert_encoding(str, str_len, enc, enc, &ret_len); + return php_mb_convert_encoding(str, str_len, enc, enc, ret_len); } @@ -5276,6 +5274,7 @@ PHP_FUNCTION(mb_scrub) char *enc = NULL; size_t enc_len; char *ret; + size_t ret_len; ZEND_PARSE_PARAMETERS_START(1, 2) Z_PARAM_STRING(str, str_len) @@ -5290,13 +5289,13 @@ PHP_FUNCTION(mb_scrub) RETURN_FALSE; } - ret = php_mb_scrub(str, str_len, enc); + ret = php_mb_scrub(str, str_len, enc, &ret_len); if (ret == NULL) { RETURN_FALSE; } - RETVAL_STRING(ret); + RETVAL_STRINGL(ret, ret_len); efree(ret); } /* }}} */ diff --git a/ext/mbstring/tests/bug77454.phpt b/ext/mbstring/tests/bug77454.phpt new file mode 100644 index 0000000000..b64452c79b --- /dev/null +++ b/ext/mbstring/tests/bug77454.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #77454: mb_scrub() silently truncates after a null byte +--FILE-- +<?php +$str = "before\0after"; +function test($str, $enc) { + echo str_replace("\0", '\0', mb_scrub($str, $enc)), "\n"; +} +test($str, 'latin1'); +test($str, 'utf-8'); +test($str, 'ascii'); +?> +--EXPECT-- +before\0after +before\0after +before\0after |