Re: [PHP-DEV] Inconsistency mbstring functions

2023-12-05 Thread Robert Landers
On Tue, Dec 5, 2023 at 9:43 AM Stefan Schiller via internals wrote: > > On Mon, Dec 4, 2023 at 8:45 PM Alex wrote: > > > > Stefan, > > > >> > >> My biggest concern is that this quirk can cause security issues in > >> user code. I came across this in the first place when discovering an > >> exploi

Re: [PHP-DEV] Inconsistency mbstring functions

2023-12-05 Thread Stefan Schiller via internals
On Mon, Dec 4, 2023 at 8:45 PM Alex wrote: > > Stefan, > >> >> My biggest concern is that this quirk can cause security issues in >> user code. I came across this in the first place when discovering an >> exploitable security vulnerability in an application. From my point of >> view, this is not o

Re: [PHP-DEV] Inconsistency mbstring functions

2023-12-04 Thread youkidearitai
2023年12月4日(月) 22:25 Robert Landers : > > On Mon, Dec 4, 2023 at 1:51 PM Stefan Schiller via internals > wrote: > > > > On Sat, Dec 2, 2023 at 6:13 AM Alex wrote: > > > > > > Dear Stefan, and Dear Gina, > > > > > > Thanks for the message. Yes, Stefan has rediscovered an interesting quirk > > > of

Re: [PHP-DEV] Inconsistency mbstring functions

2023-12-04 Thread Robert Landers
On Mon, Dec 4, 2023 at 1:51 PM Stefan Schiller via internals wrote: > > On Sat, Dec 2, 2023 at 6:13 AM Alex wrote: > > > > Dear Stefan, and Dear Gina, > > > > Thanks for the message. Yes, Stefan has rediscovered an interesting quirk > > of the mbstring library. I have been aware of this for a lo

Re: [PHP-DEV] Inconsistency mbstring functions

2023-12-04 Thread Stefan Schiller via internals
On Sat, Dec 2, 2023 at 6:13 AM Alex wrote: > > Dear Stefan, and Dear Gina, > > Thanks for the message. Yes, Stefan has rediscovered an interesting quirk of > the mbstring library. I have been aware of this for a long time, and other > mbstring developers have too. It dates back to the origin of

Re: [PHP-DEV] Inconsistency mbstring functions

2023-12-01 Thread youkidearitai
2023年12月1日(金) 18:48 G. P. B. : > > On Fri, 1 Dec 2023 at 09:31, Stefan Schiller via internals < > internals@lists.php.net> wrote: > > > Hi, > > > > I would like to raise attention to an inconsistency in how mbstring > > functions handle invalid multibyte sequences. When, for example, > > mb_strpos

Re: [PHP-DEV] Inconsistency mbstring functions

2023-12-01 Thread G. P. B.
On Fri, 1 Dec 2023 at 09:31, Stefan Schiller via internals < internals@lists.php.net> wrote: > Hi, > > I would like to raise attention to an inconsistency in how mbstring > functions handle invalid multibyte sequences. When, for example, > mb_strpos encounters a UTF-8 leading byte, it tries to par

[PHP-DEV] Inconsistency mbstring functions

2023-12-01 Thread Stefan Schiller via internals
Hi, I would like to raise attention to an inconsistency in how mbstring functions handle invalid multibyte sequences. When, for example, mb_strpos encounters a UTF-8 leading byte, it tries to parse the following continuation bytes until the full byte sequence is read. If an invalid byte is encount