Newsgroups: php.internals
From: zeev@zend.com (Zeev Suraski)
To: Sara Golemon
Cc: ceo@l-i-e.com, internals@lists.php.net
Date: Wed, 15 Nov 2006 23:16:51 -0800
Subject: Re: [PHP-DEV] fgets()/fgetss() BC break in HEAD

At 13:04 15/11/2006, Sara Golemon wrote:
>ceo@l-i-e.com wrote:
>>On Tue, November 14, 2006 2:59 pm, Sara Golemon wrote:
>>>keeping. I'll lay money that NOONE is relying on this, and I challenge
>>>any of you to prove me wrong on that count.
>>Errrr.
>>You may want to re-think that bet...
>>Surely somebody out there has:
>><?php
>>  $field_X = fgets($file, 10); //get the next 9 bytes
>>  $field_Y = fgets($file, 4); //get the next 3 bytes
>>?>
>Sorry, I meant to say "Noone with an IQ higher than twelve is
>relying on this."

Sara,

My IQ is higher than 12, and I don't see how defensive coding could have defended against this BC break. This code is missing error checking, but that could be quite reasonable (e.g. if you check ahead of time that the file is big enough to match the format you're expecting - so it's not perfect, but it's quite reasonable). But even if it did have error checking, it would look something like this:

$field_X = fgets($file, 10);
if (strlen($field_X) != 9) {
    barf();
}

So, after the BC break, it'd barf. There's really no way to protect against this BC break, and it's pretty clear this behavior is being relied upon.

>>Or change the docs and the variable name to something other than
>>maxchars is a perfect solution. :-)
>Yes, and that's what I said both in this thread and on IRC before
>the thread started.

That's fine by me, but I think it's a different issue. The BC break should be reverted irregardless...

Zeev