[PHP-BUG] Bug #53685 [NEW]: Raise E_WARNING before returning NULL from preg_replace()

[tstarling at wikimedia dot org]

From:             
Operating system: 
PHP version:      5.3SVN-2011-01-07 (SVN)
Package:          PCRE related
Bug Type:         Bug
Bug description:Raise E_WARNING before returning NULL from preg_replace()

Description:
------------
php_pcre_replace_impl() responds to all errors in pcre_exec() by doing:



} else {

        pcre_handle_exec_error(count TSRMLS_CC);

        efree(result);

        result = NULL;

        break;

}



No warning is raised. This is very scary, since unexpectedly large user
input may trigger PCRE_ERROR_MATCHLIMIT or similar. Most code that calls
preg_replace() does not check for an error condition, the return value is
simply converted to a string. So the net effect is that the string is
deleted instead of just having some bits changed in it. 



Raising a warning would allow this condition to be more easily detected
during testing, and more easily diagnosed during debugging. It would allow
fuzz testing to be used. And it would bring preg_replace() into line with
general conventions for error reporting in PHP internal functions.

Test script:
---------------
ini_set('pcre.backtrack_limit', 100)

print preg_replace( '/a.*a/', '', 'a'.str_repeat('b', 1000))



Expected result:
----------------
PHP Warning: pcre.backtrack_limit exceeded in preg_replace() in ....

Actual result:
--------------
Silence.

-- 
Edit bug report at http://bugs.php.net/bug.php?id=53685&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=53685&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=53685&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=53685&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=53685&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=53685&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=53685&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=53685&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=53685&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=53685&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=53685&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=53685&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=53685&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=53685&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=53685&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=53685&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=53685&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=53685&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=53685&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=53685&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=53685&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=53685&r=mysqlcfg