Bug #23981 bcompiler doesn't check the return value of php_stream_open_wrapper()
Submitted: 2003-06-03 06:35 UTC
Modified: 2003-06-06 04:03 UTC
From: per at nobolt dot com
Assigned: alan_k
Status: Closed
Package: PEAR related
PHP Version: 4.3.2
OS: Debian GNU/Linux
Private report: No
CVE-ID: None
 [2003-06-03 06:35 UTC] per at nobolt dot com
In the bz2_aware_stream_open(), there is code like this:

	BCOMPILER_DEBUG(("no  bz2 support - opening it..\n"));
	stream = php_stream_open_wrapper(file_name, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);

	/* Sanity check to see if it is a bzip2 encoded stream */
	php_stream_read(stream, magic, sizeof(magic));

If the call to php_stream_open_wrapper() fails (which it will if the file does not exist), stream will be NULL and this will cause a segmentation fault in php_stream_read().

This can easily be fixed by just checking the return value; if it is NULL, return from the function immediately.
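The failure mode described in this report, as an added example that is not part of the original report or of bcompiler: C stdio stands in for the PHP streams API, and `probe_open`, `probe_sample` and the sample file names are hypothetical. It goes one step beyond the report by also rejecting a short read before the magic comparison.

```c
/* Added example: stdio stands in for PHP streams; all names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum probe_result { PROBE_OPEN_FAILED = -1, PROBE_PLAIN = 0, PROBE_BZIP2 = 1 };

/* Opens path and reports whether it starts with the bzip2 magic "BZ".
 * On success *out is the stream rewound to offset 0; on failure *out is NULL. */
enum probe_result probe_open(const char *path, FILE **out)
{
    unsigned char magic[2] = {0, 0};
    FILE *fp;

    *out = NULL;
    fp = fopen(path, "rb");
    if (fp == NULL)                 /* the check that was missing in the report */
        return PROBE_OPEN_FAILED;
    /* An empty or 1-byte file yields a short read; it must not match the magic. */
    size_t got = fread(magic, 1, sizeof(magic), fp);
    if (ferror(fp) || fseek(fp, 0L, SEEK_SET) != 0) {
        fclose(fp);
        return PROBE_OPEN_FAILED;
    }
    *out = fp;
    if (got == sizeof(magic) && memcmp(magic, "BZ", 2) == 0)
        return PROBE_BZIP2;
    return PROBE_PLAIN;
}

/* Writes a constructed sample file, probes it, then removes it again. */
int probe_sample(const char *path, const char *bytes, size_t n)
{
    enum probe_result r;
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return PROBE_OPEN_FAILED;
    fwrite(bytes, 1, n, fp);
    fclose(fp);
    r = probe_open(path, &fp);
    if (fp != NULL) fclose(fp);
    remove(path);
    return r;
}

int main(void)
{
    FILE *fp;
    printf("missing=%d ", probe_open("no-such-file.example", &fp));
    printf("bzip2=%d short=%d\n", probe_sample("sample_bz.tmp", "BZh9", 4),
           probe_sample("sample_short.tmp", "B", 1));
    return 0;
}
```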

 [2003-06-03 07:33 UTC] spam at nobolt dot com
This bug is very serious since it causes segmentation faults on every missing file in include(), require() etc. (since bcompiler hooks into the Zend core).  This patch will fix it:

Index: bcompiler.c
===================================================================
RCS file: /repository/pear/PECL/bcompiler/bcompiler.c,v
retrieving revision 1.39
diff -u -r1.39 bcompiler.c
--- bcompiler.c	8 Apr 2003 07:59:44 -0000	1.39
+++ bcompiler.c	3 Jun 2003 12:29:51 -0000
@@ -215,6 +215,10 @@
 	BCOMPILER_DEBUG(("no  bz2 support - opening it..\n"));
 	stream = php_stream_open_wrapper(file_name, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
 
+    if (!stream) {
+        return stream;
+    }
+
 	/* Sanity check to see if it is a bzip2 encoded stream */
 	php_stream_read(stream, magic, sizeof(magic));
 	if (memcmp(magic, "BZ", 2) == 0) {
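Review bot: the `php_stream_read(stream, magic, sizeof(magic))` call just below the new guard still ignores its return value, so on an empty or very short file the `memcmp(magic, "BZ", 2)` that follows may compare bytes that were not read from the file; check that at least 2 bytes came back before comparing. In the added lines, `return NULL;` would state the intent more directly than `return stream;`, and they are indented with spaces where the surrounding context lines use tabs.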

The only problem with this patch is that you get the warning about the missing file twice, but IMO that's much better than a segmentation fault.
 [2003-06-06 04:03 UTC] alan_k@php.net
thanks - added to release + a few more checks that should help..
