diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/mbstring/mbstring.c | 11 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug77454.phpt | 16 |
3 files changed, 23 insertions, 6 deletions
@@ -27,6 +27,8 @@ PHP NEWS - Mbstring: . Fixed bug #77428 (mb_ereg_replace() doesn't replace a substitution variable). (Nikita) + . Fixed bug #77454 (mb_scrub() silently truncates after a null byte). + (64796c6e69 at gmail dot com) - MySQLnd: . Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index ae8c4bef7f..0e255e98d2 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -5010,11 +5010,9 @@ PHP_FUNCTION(mb_chr) /* }}} */ -static inline char* php_mb_scrub(const char* str, size_t str_len, const mbfl_encoding *enc) +static inline char* php_mb_scrub(const char* str, size_t str_len, const mbfl_encoding *enc, size_t *ret_len) { - size_t ret_len; - - return php_mb_convert_encoding_ex(str, str_len, enc, enc, &ret_len); + return php_mb_convert_encoding_ex(str, str_len, enc, enc, ret_len); } @@ -5027,6 +5025,7 @@ PHP_FUNCTION(mb_scrub) char *enc_name = NULL; size_t enc_name_len; char *ret; + size_t ret_len; ZEND_PARSE_PARAMETERS_START(1, 2) Z_PARAM_STRING(str, str_len) @@ -5039,13 +5038,13 @@ PHP_FUNCTION(mb_scrub) RETURN_FALSE; } - ret = php_mb_scrub(str, str_len, enc); + ret = php_mb_scrub(str, str_len, enc, &ret_len); if (ret == NULL) { RETURN_FALSE; } - RETVAL_STRING(ret); + RETVAL_STRINGL(ret, ret_len); efree(ret); } /* }}} */ diff --git a/ext/mbstring/tests/bug77454.phpt b/ext/mbstring/tests/bug77454.phpt new file mode 100644 index 0000000000..b64452c79b --- /dev/null +++ b/ext/mbstring/tests/bug77454.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #77454: mb_scrub() silently truncates after a null byte +--FILE-- +<?php +$str = "before\0after"; +function test($str, $enc) { + echo str_replace("\0", '\0', mb_scrub($str, $enc)), "\n"; +} +test($str, 'latin1'); +test($str, 'utf-8'); +test($str, 'ascii'); +?> +--EXPECT-- +before\0after +before\0after +before\0after |