php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63542 PHP warning overflow
Submitted: 2012-11-16 18:09 UTC Modified: 2020-04-21 17:07 UTC
From: vgabor at vgabor dot com Assigned: cmb (profile)
Status: Closed Package: mailparse (PECL)
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: vgabor at vgabor dot com
New email:
PHP Version: OS:

 

 [2012-11-16 18:09 UTC] vgabor at vgabor dot com
Description:
------------
The function php_mimepart_process_line() checks if the count of children have 
exceeded MAXPARTS and issue a PHP warning + return FAILURE. The 
php_mimepart_parse() which calls the line processing not obeys the returned 
value and call it again and again for the rest of the lines, resulting another 
PHP warning for each additional line. (if you've got 10000 additional line, then 
it will be 10000 additional warning)

Second, the php_mimepart_parse() return SUCCESS even when we cant parse all of 
the lines, which will result the mailparse_msg_parse_file() not returning false 
but a resource containing a partial email.

Third, the mailparse_msg_parse_file() leaks memory if the php_mimepart_parse() 
would return FAILURE as it not clears out the already allocated object and not 
returning it either. Since the php_mimepart_parse() never returned failure (see 
second point) it never actually came up before.

Additionally mailparse_mimemessage() not obeying the returned value from 
php_mimepart_parse() at all, but that's in the mailmessage object which is not 
documented and seemingly otdated/unfinished anyway.


Test script:
---------------
// $filename has more than 300 mime parts
$resource = mailparse_msg_parse_file($filename);


Expected result:
----------------
one warning exceeding MAXPARTS, and the $resource should be false, no memory leak 
happening

Actual result:
--------------
lot's of 'exceeding MAXPARTS' warnings, a resource returned pointing to a half 
parsed email

Patches

mailparse-fix_parse.patch (last revision 2012-11-16 18:09 UTC by vgabor at vgabor dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-12-01 13:25 UTC] jawed@php.net
Automatic comment from SVN on behalf of jawed
Revision: http://svn.php.net/viewvc/?view=revision&revision=328587
Log: Bug 63542 (patch via Gabor Vizi)
 [2020-04-21 17:07 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-04-21 17:07 UTC] cmb@php.net
This bug has obviously been fixed long ago.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 17:01:29 2024 UTC