From:             mauricio dot seeberger at iwi dot unibe dot ch
Operating system: Gentoo Linux 2.6.4 / Apache2
PHP version:      5.0.0RC1
PHP Bug Type:     Reproducible crash
Bug description:  str_ireplace crashes if length(search) > length(replace)

Description:
------------
If the first argument of str_ireplace is shorter than the second one, the function crashes (segfault).

diff php.ini-dist /etc/php/apache2-php5/php.ini 

79c79 

< short_open_tag = On 

--- 

> short_open_tag = Off 

410c410 

< ;default_charset = "iso-8859-1" 

--- 

> default_charset = "iso-8859-1" 

438c438 

< extension_dir = "./" 

--- 

> extension_dir 

= /usr/lib/php/extensions/no-debug-non-zts-20040316 

496c496,498 

< allow_url_fopen = On 

--- 

> ; allow_url_fopen = On 

> ; Closed for security - <[EMAIL PROTECTED]> 

> allow_url_fopen = Off 

534c536 

< ; extension_dir directive above. 

--- 

> ; extension_dir 

= /usr/lib/php/extensions/no-debug-non-zts-20040316 

879c881 

< session.cookie_lifetime = 0 

--- 

> session.cookie_lifetime = 1800 

 

 

The configure line from phpinfo():

'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--with-apxs2=/usr/sbin/apxs2'
'--with-ndbm=/usr' '--with-db4=/usr' '--with-mcrypt=/usr'
'--with-mhash=/usr' '--without-interbase' '--without-ming'
'--without-swf' '--without-sybase' '--with-gdbm=/usr'
'--without-fdftk' '--without-java' '--with-mcal=/usr'
'--with-unixODBC=/usr' '--with-pgsql=/usr'
'--without-snmp' '--with-pdflib=/usr' '--with-gd'
'--enable-gd-native-ttf' '--with-png=/usr'
'--with-png-dir=/usr' '--with-jpeg=/usr'
'--with-jpeg-dir=/usr' '--enable-exif' '--with-tiff=/usr'
'--with-tiff-dir=/usr' '--with-mysql=/usr'
'--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--with-freetype-dir=/usr' '--with-ttf=/usr'
'--with-t1lib=/usr' '--with-gettext' '--without-qtdom'
'--with-pspell=/usr' '--with-openssl=/usr'
'--with-imap=/usr' '--with-ldap=/usr' '--with-dom=/usr'
'--with-dom-xslt=/usr' '--with-dom-exslt=/usr'
'--with-kerberos=/usr' '--with-pam'
'--disable-memory-limit' '--disable-ipv6' '--without-yaz'
'--without-curl' '--enable-dbx' '--with-imap-ssl'
'--with-zlib=/usr' '--with-zlib-dir=/usr'
'--with-sablot=/usr' '--enable-xslt' '--with-xslt-sablot'
'--with-xmlrpc' '--enable-wddx' '--with-xml'
'--enable-mbstring=all' '--enable-mbregex'
'--with-bz2=/usr' '--with-crack=/usr' '--with-cdb'
'--enable-pcntl' '--enable-bcmath' '--enable-calendar'
'--enable-dbase' '--enable-filepro' '--enable-ftp'
'--with-mime-magic=/usr/share/misc/file/magic.mime'
'--enable-sockets' '--enable-sysvsem' '--enable-sysvshm'
'--enable-sysvipc' '--with-iconv' '--enable-shmop'
'--enable-dio' '--enable-yp' '--without-ncurses'
'--without-readline' '--enable-inline-optimization'
'--enable-track-vars' '--enable-trans-sid'
'--enable-versioning'
'--with-config-file-path=/etc/php/apache2-php5'

Reproduce code:
---------------
echo(str_ireplace('es','q','test'));



Expected result:
----------------
output should be: tqt

Actual result:
--------------
An error occurred while loading http://..../test.php:
Connection to host ... is broken

In the Apache2 error log I get the following:
[Thu Apr 08 19:20:43 2004] [notice] child pid 636 exit signal Segmentation fault (11)

-- 
Edit bug report at http://bugs.php.net/?id=27922&edit=1
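A regression harness for the call in this report, added here as an example (it is not part of the original report or of PHP's own test suite): it goes beyond the single reported call and compares str_ireplace() with a reference built from stripos() and substr() over constructed inputs in which the search string is longer than, equal to and shorter than the replacement. ref_ireplace(), run_cases() and the sample strings are assumptions of this example; it is meant for the PHP CLI, where a crash ends only that process and the last line on stderr names the input that was being processed.

```php
<?php
// Added example, not from the original report. Written without scalar type
// hints or short array syntax so that it also parses on old PHP 5 builds.

// Hypothetical oracle: case-insensitive replace using only stripos()/substr().
function ref_ireplace($search, $replace, $subject)
{
    if ($search === '') {
        return $subject;                 // nothing to match on
    }
    $out = '';
    $pos = 0;
    while (($hit = stripos($subject, $search, $pos)) !== false) {
        $out .= substr($subject, $pos, $hit - $pos) . $replace;
        $pos = $hit + strlen($search);   // continue after the match
    }
    return $out . substr($subject, $pos);
}

// Runs every combination and returns a list of mismatch descriptions.
function run_cases()
{
    // Constructed inputs; the first combination is the call from the report.
    $subjects = array('test', 'TEST', 'esES', 'tessest', 'e', '');
    $searches = array('es', 'ES', 't', 'sse', 'test');
    $replaces = array('q', '', 'qq', 'qqqqqqqq');
    $failures = array();
    foreach ($subjects as $subject) {
        foreach ($searches as $search) {
            foreach ($replaces as $replace) {
                $case = sprintf("str_ireplace('%s','%s','%s')", $search, $replace, $subject);
                fwrite(STDERR, $case . "\n");   // logged before the call, so it survives a segfault
                $got  = str_ireplace($search, $replace, $subject);
                $want = ref_ireplace($search, $replace, $subject);
                if ($got !== $want) {
                    $failures[] = $case . ' returned ' . var_export($got, true)
                                . ', expected ' . var_export($want, true);
                }
            }
        }
    }
    return $failures;
}

$failures = run_cases();
foreach ($failures as $failure) {
    echo "FAIL: $failure\n";
}
exit(count($failures) ? 1 : 0);   // a crash shows up as a signal exit status instead
```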