php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #35886 file_get_contents() fails with some combinations of offset & maxlen
Submitted: 2006-01-03 20:01 UTC Modified: 2006-06-05 23:13 UTC
Votes:7
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:2 (66.7%)
From: chris at lodesys dot com Assigned: wez (profile)
Status: Closed Package: Streams related
PHP Version: 5CVS-2006-01-03 (snap) OS: win32 only
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: chris at lodesys dot com
New email:
PHP Version: OS:

 

 [2006-01-03 20:01 UTC] chris at lodesys dot com 
Description:
------------
This one is weird.  For some value of offset & maxlen, file_get_contents will fail and crash PHP. (I'm running under Apache 1.3.34 and get a Dr. Watson).  The combination may have something to do with offset + maxlen just above 4096, but even that's not consistant.

Reproduce code:
---------------
$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 500, 3596);  // WORKS

$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 500, 3597);  // FAILS

$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 500, 4096);  // FAILS

$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 500, 4097);  // WORKS


$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 1000, 4096);  // FAILS

$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 1000, 4097);  // WORKS

$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 0, 4096);  // WORKS

$x = file_get_contents("C:/php/news.txt", FALSE, NULL, 0, 4097);  // WORKS


Expected result:
----------------
All combinations of offset & maxlen should work as news.txt is 74 KB long. 

Actual result:
--------------
PHP fails in some instances (see above) with Dr. Watson reporting "Application exception occurred: App:  (pid=1828)[apache.exe] Exception number: c0000005 (access violation)"

Using

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-01-05 00:26 UTC] nlopess@php.net 
OK, back from the school exams, the problem seems to be in php_stdiop_set_option(), because it is allocating one less byte than it should. (and that mmap code is specific for windows).

I'll try to investigate the problem further and produce a patch.
 [2006-01-05 02:21 UTC] nlopess@php.net 
OK, the problem is in the MapViewOfFile() call in php_stdiop_set_option(), because it is mapping less data than we've asked.
It seems a windows problem to me, but I'm leaving open because this can be a serious bug (although I'm not able to fix it..).
 [2006-02-08 00:50 UTC] iliaa@php.net 
How big is the file?
 [2006-02-08 02:23 UTC] chris at lodesys dot com 
The example test file is C:/php/news.txt (part of the PHP Windows distribution).  It is 74 KB (75,800 bytes).  Was having problems with files larger than that (say up to 170 KB).  Didn't test with extra large files.
 [2006-02-23 07:21 UTC] ninive at gmx dot at 
Please fix this critical bug.
 [2006-03-02 22:50 UTC] piecia2000 at tlen dot pl 
Temporary solution (slighty slower):

  $fd = fopen($filename, "rb");
  fseek($fd, $offset);
  $file = fread($fd, $size);
  fclose($fd);

please fix file_get_contents(),
 [2006-06-05 12:00 UTC] nlopess@php.net 
here is the patch: http://mega.ist.utl.pt/~ncpl/php_win_mmap_segfault.txt
 [2006-06-05 23:13 UTC] nlopess@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Edink applied the patch to PHP 5.2 and 6. Thanks!
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Oct 28 14:00:01 2025 UTC