Fatal error in CsvEncoder #54709

Rudloff · 2024-04-23T20:14:16Z

Symfony version(s) affected

7.0.6

Description

Fuzzing reveals that CsvEncoder throws a fatal error with some values:

PHP Fatal error:  Uncaught TypeError: Cannot access offset of type string on string in /home/pierre/www/fuzzer/vendor/symfony/serializer/Encoder/CsvEncoder.php:179

How to reproduce

Here is the smallest value I was able to reproduce with:

<?php

require __DIR__.'/vendor/autoload.php';

$encoder = new \Symfony\Component\Serializer\Encoder\CsvEncoder();
var_dump($encoder->decode(',.
,', 'csv'));

Possible Solution

No response

Additional Context

I am using php-fuzzer to test various input.

The text was updated successfully, but these errors were encountered:

…eys (xabbuh) This PR was merged into the 5.4 branch. Discussion ---------- [Serializer] convert empty CSV header names into numeric keys | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #54709 | License | MIT Commits ------- 93ee57b convert empty CSV header names into numeric keys

Rudloff added the Bug label Apr 23, 2024

carsonbot added the Status: Needs Review label Apr 23, 2024

xabbuh mentioned this issue Apr 24, 2024

[Serializer] convert empty CSV header names into numeric keys #54714

Merged

xabbuh added the Serializer label Apr 24, 2024

fabpot closed this as completed May 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fatal error in CsvEncoder #54709

Fatal error in CsvEncoder #54709

Rudloff commented Apr 23, 2024

Fatal error in CsvEncoder #54709

Fatal error in CsvEncoder #54709

Comments

Rudloff commented Apr 23, 2024

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context