Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:44134 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 58981 invoked from network); 3 Jun 2009 18:45:30 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Jun 2009 18:45:30 -0000 Authentication-Results: pb1.pair.com smtp.mail=php_lists@realplain.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=php_lists@realplain.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain realplain.com from 209.151.69.1 cause and error) X-PHP-List-Original-Sender: php_lists@realplain.com X-Host-Fingerprint: 209.151.69.1 liberty.vosn.net Linux 2.4/2.6 Received: from [209.151.69.1] ([209.151.69.1:39742] helo=liberty.vosn.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 2C/7D-19828-6C4C62A4 for ; Wed, 03 Jun 2009 14:45:28 -0400 Received: from 75-120-255-76.dyn.centurytel.net ([75.120.255.76]:62269 helo=pc1) by liberty.vosn.net with smtp (Exim 4.69) (envelope-from ) id 1MBvSj-0007m4-1F for internals@lists.php.net; Wed, 03 Jun 2009 12:45:21 -0600 Message-ID: <7435CCB5C8694BDCAAC90C165570A3E1@pc1> To: Date: Wed, 3 Jun 2009 13:45:17 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.5579 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - liberty.vosn.net X-AntiAbuse: Original Domain - lists.php.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - realplain.com Subject: [PATCH] create_function/zend_eval_string aren't binary-safe From: php_lists@realplain.com ("Matt Wilmas") Hi all, I first noticed this with preg_replace()'s /e modifier (SO many other issues with that...), but it also happens with create_function() and a few other places where zend_eval_string() is used. Other code evaluation in PHP is binary-safe, so it seems like these areas should be as well? In case an example is needed: $func = create_function('', "return strlen('Test\0string');"); echo $func(); Patches: http://realplain.com/php/binary_eval_string.diff http://realplain.com/php/binary_eval_string_5_3.diff Can they be applied? (Also a small optimization by eliminating strlen() usage.) May want to verify the ext/interbase change. I noticed there are several zend_eval_string() references in PECL sources [1], which would be a problem after adding a string length parameter... How is that handled? Should the updated function be eval_stringL instead and add macros for compatibility? [1] http://lxr.php.net/ident?i=zend_eval_string Thanks, Matt