Fix Bug #80972: Memory exhaustion on invalid string offset

[Girgias]

No description provided.

[Girgias]

I just realized that this might actually impact PHP 7 if an error_handler has been set to throw exceptions on warnings.

[nikic]

There's some test failures...

[hormus]

https://wiki.php.net/rfc/saner-numeric-strings
PHP 8 Leading numeric strings will emit the “Illegal string offset” warning instead of the “A non well formed numeric value encountered” notice, and continue to evaluate to their respective values.
Non-numeric strings which emitted the “Illegal string offset” warning will throw an “Illegal offset type” TypeError.
Prior php 8 Warning: Illegal string offset.
`<?php

//Bad
$string = 'Here is some text for good measure';

$string[(string) 10e120] = 'E';
var_dump($string);

?>`
Good $string = array() // inizialized array. Compatible with php 7.4 syntax https://wiki.php.net/rfc/notice-for-non-valid-array-container

undoubtedly the error should not cause php to block but be captured by the syntax.

[Girgias]

https://wiki.php.net/rfc/saner-numeric-strings
PHP 8 Leading numeric strings will emit the “Illegal string offset” warning instead of the “A non well formed numeric value encountered” notice, and continue to evaluate to their respective values.
Non-numeric strings which emitted the “Illegal string offset” warning will throw an “Illegal offset type” TypeError.
Prior php 8 Warning: Illegal string offset.
`<?php

//Bad
$string = 'Here is some text for good measure';

$string[(string) 10e120] = 'E';
var_dump($string);

?>`
Good $string = array() // inizialized array. Compatible with php 7.4 syntax https://wiki.php.net/rfc/notice-for-non-valid-array-container

undoubtedly the error should not cause php to block but be captured by the syntax.

Sorry what? I don't understand what you mean.
Float strings throw since PHP 8.0 because they always emitted a E_WARNING and they have been promoted to throw an Error, that's specified in the RFC (that I wrote) that you linked.

[hormus]

https://bugs.php.net/bug.php?id=80972
In this report you only have to create an array it cannot be initially a string variable and after an array otherwise type error for php 8 or prior php 8 Warning: Illegal string offset.

[Girgias]

I still do not understand what you're getting at? Are you talking about a simpler reproducible? In that case provide one via https://3v4l.org, but I know it is not just large float string where this is an issue, if you look at the test I amended it with a simpler case. But I only found this issue because of the memory exhaustion hence the bug title.

[hormus]

https://3v4l.org/RaPYR#output
the problem is even before the float, the variable $string of type "string" is not allowed if you later use the short syntax with square brackets to create an "array" initially $string can only be of type array, try my link to comment "Good example $string = array();", you will still see the error but the error is the syntax used for $string, explicit cast in float works fine

[Girgias]

Yeah that's completely unrelated, an array can have string keys so I really don't see where the issue is.

[hormus]

https://www.php.net/manual/en/language.types.array.php#language.types.array.syntax.modifying
Sorry the blocking error will have to be intercepted php will not have to crash. There is a documentation problem to modify an existing array, it does not indicate that from php 5.4 and before php 8 it issues "Warning: Illegal string offset" if using the syntax for modification with square brackets on a variable other than array.
<?php $a = 'hi'; $a['text'] = 'word'; var_dump($a); // wi ?>

[cmb69]

"Warning: Illegal string offset" has nothing to do with arrays, but rather with strings, as your example above clearly shows.

[Danack]

Hi Hormus,

There appears to be a communication problem here; we can't really figure out what the problem is you are trying to describe.

If English isn't your native language, please write the issue you think exists in your native language, as there's a good chance we might be able to understand that.

[hormus]

http://docs.php.net/manual/da/language.types.array.php
"From PHP 5.4, string offset access made consistent. As a result, some return values may be different from older version. As of PHP 5.4, string offsets should be an integer or an integer like string, otherwise the result will be a warning."
PHP 5.4 >= AND < PHP 8 Example 2:
<?php $str = 'abc'; var_dump($str['x']); // Warning: Illegal string offset // Output: string(1) "a" var_dump(isset($str['x'])); // Output: bool(false)
https://bugs.php.net/bug.php?id=80972
Bad first variable $string.