php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81422 Potential double-free in mailparse_uudecode_all()
Submitted: 2021-09-07 09:42 UTC Modified: 2021-09-07 09:42 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: mailparse (PECL)
PHP Version: 7.4Git-2021-09-07 (Git) OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2021-09-07 09:42 UTC] cmb@php.net
Description:
------------
When there are multiple uuencoded parts in the file processed by
mailparse_uudecode_all(), the outpath of the main file is released
multiple times which can result in a double-free, possibly
resulting in a segfault.


Test script:
---------------
<?php
$data = <<<'EOD'
begin 644 foo
`
end

begin 644 bar
`
end

EOD;
$stream = fopen('php://memory', 'w+');
fwrite($stream, $data);
rewind($stream);
$parsed = mailparse_uudecode_all($stream);
var_dump(count($parsed));
?>


Expected result:
----------------
int(3)

Actual result:
--------------
segfault

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-07 09:42 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2021-09-07 09:52 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81422: Potential double-free in mailparse_uudecode_all()
On GitHub:  https://github.com/php/pecl-mail-mailparse/pull/17
Patch:      https://github.com/php/pecl-mail-mailparse/pull/17.patch
 [2021-09-07 10:20 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/pecl-mail-mailparse/commit/7fe7a0316f7bc0c9111d00a2c916d87b3db47d0f
Log: Fix #81422: Potential double-free in mailparse_uudecode_all()
 [2021-09-07 10:20 UTC] git@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC