Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0003185 [Quercus] minor always 12-16-08 22:43 12-17-08 10:01
Reporter koreth View Status public  
Assigned To nam
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 4.0.0 Product Version 4.0.0
  Product Build
Summary 0003185: NPE after str_replace() in compiled mode
Description <?php
function foo() {
  $x = "ax";
  $search = array('a', 'b');
  $replace = array(' ', '-');
  $y = str_replace($search, $replace, $x);
  print var_export($y, true);
}
foo();

In compiled mode, this throws an NPE because str_replace() returns an actual Java null (not a NullValue instance). Looks like this is due to StringModule.strReplaceImpl() assuming that "result" has been initialized if the count is greater than 0, when in fact the count can be initialized to a nonzero value.

Patch:

--- a/modules/quercus/src/com/caucho/quercus/lib/string/StringModule.java
+++ b/modules/quercus/src/com/caucho/quercus/lib/string/StringModule.java
@@ -2728,7 +2728,7 @@ public class StringModule extends AbstractQuercusModule {
       count++;
     }
 
- if (count != 0) {
+ if (count != 0 && result != null) {
       countV.set(LongValue.create(count));
 
       int subjectLength = subject.length();
Steps To Reproduce
Additional Information
Attached Files

- Relationships

- Notes
(0003664)
nam
12-17-08 10:01

php/113n
 

- Issue History
Date Modified Username Field Change
12-16-08 22:43 koreth New Issue
12-17-08 06:26 nam Status new => assigned
12-17-08 06:26 nam Assigned To  => nam
12-17-08 10:01 nam Status assigned => closed
12-17-08 10:01 nam Note Added: 0003664
12-17-08 10:01 nam Resolution open => fixed
12-17-08 10:01 nam Fixed in Version  => 4.0.0


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker