From: Antony Dovgal Date: Fri, 24 Nov 2006 21:57:31 +0000 (+0000) Subject: fix #39621 (str_replace() is not binary safe on strings with equal length) X-Git-Tag: RELEASE_1_0_0RC1~909 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a1f6c395cf8d71c6ea5cf2ddb8bf37b7d77b6b89;p=php fix #39621 (str_replace() is not binary safe on strings with equal length) --- diff --git a/ext/standard/string.c b/ext/standard/string.c index 6c2ac0e9a4..6f2c18ac2c 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -5150,16 +5150,33 @@ nothing_todo: new_str = estrndup(haystack, length); return new_str; } else { - if (case_sensitivity ? strncmp(haystack, needle, length) : strncasecmp(haystack, needle, length)) { + if (case_sensitivity && memcmp(haystack, needle, length)) { goto nothing_todo; - } else { - *_new_length = str_len; - new_str = estrndup(str, str_len); - if (replace_count) { - (*replace_count)++; + } else if (!case_sensitivity) { + char *l_haystack, *l_needle; + + l_haystack = estrndup(haystack, length); + l_needle = estrndup(needle, length); + + php_strtolower(l_haystack, length); + php_strtolower(l_needle, length); + + if (memcmp(l_haystack, l_needle, length)) { + efree(l_haystack); + efree(l_needle); + goto nothing_todo; } - return new_str; + efree(l_haystack); + efree(l_needle); + } + + *_new_length = str_len; + new_str = estrndup(str, str_len); + + if (replace_count) { + (*replace_count)++; } + return new_str; } } @@ -5253,7 +5270,7 @@ nothing_todo: new_str = eustrndup(haystack, length); return new_str; } else { - if (u_strncmp(haystack, needle, length)) { + if (u_memcmp(haystack, needle, length)) { goto nothing_todo; } else { *_new_length = repl_len; diff --git a/ext/standard/tests/strings/bug39621.phpt b/ext/standard/tests/strings/bug39621.phpt new file mode 100644 index 0000000000..e9c4a3ff6f Binary files /dev/null and b/ext/standard/tests/strings/bug39621.phpt differ