|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22362 Certain combinations of fseek() and fwrite() produce unexpected results
Submitted: 2003-02-21 13:58 UTC Modified: 2003-02-22 12:55 UTC
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: php at codewhore dot org Assigned: wez (profile)
Status: Closed Package: Filesystem function related
PHP Version: 4.3.1 OS: Linux 2.4
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
31 + 4 = ?
Subscribe to this entry?

 [2003-02-21 13:58 UTC] php at codewhore dot org

  $fp = fopen('./foo', 'w+');
  fwrite($fp, 'quxbar', 6);
  fseek($fp, 3, SEEK_SET);
  fread($fp, 1);
  fseek($fp, 4, SEEK_SET);
  fwrite($fp, '!', 1);
  fseek($fp, 0, SEEK_SET);
  $buf = fread($fp, 4095);
  echo "$buf\n";

In C:

#include <stdio.h>

int main()
  static char buf[4096];
  FILE *f = fopen("./foo", "w+");
  fwrite("quxbar", 6, 1, f);
  fseek(f, 3, SEEK_SET);
  fread(&buf, 1, 1, f);
  fseek(f, 4, SEEK_SET);
  fwrite("!", 1, 1, f);
  fseek(f, 0, SEEK_SET);
  fread(&buf, 4095, 1, f);
  printf("%s\n", buf);
  return 0;

The PHP version outputs 'quxbar!.
The C version outputs 'quxb!r'.

In fact, for any PHP code of the structure:
  fseek($fp, $x, SEEK_SET);
  fread($fp, $n);
  fseek($fp, $y, SEEK_SET);
  fwrite($fp, '!', 1);

the data from the fwrite always gets written to the end of the stream when $x < $y and $n is exactly 1. I can reproduce this with different whence parameters, but it seems to only happen with a seek followed by a single-byte read.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-21 14:43 UTC] php at codewhore dot org
I've verified that this behavior still exists in today's snapshot (php4-STABLE-200302212030.tar.gz).
 [2003-02-21 17:02 UTC] php at codewhore dot org
I'm still mostly lost, but commenting out the following segment of code fixes the problem for the test case. Obviously this isn't the solution, but I think I have it narrowed down to _php_stream_seek thinking that the underlying file position matches the seek offset when it doesn't in reality.

PHPAPI int _php_stream_seek(php_stream *stream, off_t offset, int whence TSRMLS_DC)
    /* not moving anywhere */
#if 0
    if ((offset == 0 && whence == SEEK_CUR) || (offset == stream->position && whence == SEEK_SET))
        return 0;
 [2003-02-21 17:44 UTC] php at codewhore dot org
FWIW, the problem also occurs in the following piece of code:

  $fp = fopen('./foo', 'w+');
  fwrite($fp, 'quxbar', 6);
  fseek($fp, 3, SEEK_SET);
  fread($fp, 1);
  fwrite($fp, '!', 1);
  fseek($fp, 0, SEEK_SET);
  $buf = fread($fp, 4095);
  echo "$buf\n";

There's no fseek() between the fread() and fwrite(), so my previous theory seems to be quite wrong. I'll do more digging as time permits...
 [2003-02-21 18:40 UTC]
Save yourself some energy :)

I'm going to look into this this weekend; I know precisely
how to fix this, and it most likely not something you
would have time to think of by the time I've sorted it
out :)

I will update this report when it is fixed and you will be able to try the fix using a stable snapshot.

Thanks for your efforts so far!
 [2003-02-21 19:38 UTC] php at codewhore dot org
Thanks. Glad I could be of (some) help. :)
 [2003-02-21 20:46 UTC]
Please try using this CVS snapshot:
For Windows:

Try the next stable snapshot.
 [2003-02-22 12:55 UTC] php at codewhore dot org
I just pulled from the PHP_4_3 branch of CVS, and the problem is indeed fixed.

Thanks again. :)
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Jan 28 15:03:49 2023 UTC