|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25174 Wrong handling of readlink() in OS/Guess.php
Submitted: 2003-08-20 06:55 UTC Modified: 2003-10-24 01:35 UTC
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: mk362 at mch dot osram dot de Assigned: cellog (profile)
Status: Closed Package: PEAR related
PHP Version: 4.3.2 OS: SuSE Linux 8.2, 7.3, 7.2
Private report: No CVE-ID: None
 [2003-08-20 06:55 UTC] mk362 at mch dot osram dot de

during upgrade of PEAR I noticed the following on my SuSE Linux 7.3:
 Release Warnings

 downloading PEAR-1.2.tgz ...
 ...done: 83,109 bytes

 Warning: readlink() []: Invalid
 argument in Guess.php on line 181
 upgrade-all ok: PEAR 1.2
This didn't happen in SuSE 8.2, but I think just because the program didn't come to that point.

Looking into the code revealed that there is a readlink() call without error checking in line 181:

 if (ereg('^libc-([.*])\.so$', 

and in case is a regular file this will return FALSE instead of a string for basename() for both versions of my Linux.

I guess one should implement proper error checking here. Possibly this was never tested anyway, because most systems might already circumvent the problem by getting $major and $minor a step earlier via the call of "/usr/bin/cpp".


Reproduce code:

if(readlink('/lib/') == FALSE) 
   echo "Readlink call on /lib/ failed\n";

Actual result:
Content-type: text/html
X-Powered-By: PHP/4.3.1

Readlink call on /lib/ failed


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-24 10:13 UTC]
verified on suse 7.2, php 4.3.2

downloading PEAR-1.2.1.tgz ...
...done: 83,126 bytes

Notice: Undefined offset:  1 in Guess.php on line 173

Warning: readlink(): Invalid argument in Guess.php on line 181
upgrade-all ok: PEAR 1.2.1
 [2003-08-24 12:16 UTC]
I don't have SuSE linux.  nohn,do you have enough knowhow to provide a patch for this?  I can't be sure that anything I would do fixes this.  If not, just assign it back to me.

I can commit a patch you provide.

 [2003-08-24 12:38 UTC]
Hmmm... After upgrading to PEAR 1.2.1 by hand everything works fine. So this already seems to be closed.

Verified this on another SuSE-Machine (SuSE 7.3)
 [2003-08-28 04:23 UTC] mk362 at mch dot osram dot de
Hi Nohn,

did you do the test case from the "reproduce code" section? 

Even with an upgraded PEAR you will produce this error, since that code wasn't changed at all.

 [2003-08-28 04:25 UTC] mk362 at mch dot osram dot de
Status is still OPEN.
 [2003-09-01 09:34 UTC] mk362 at mch dot osram dot de

since there's no response up to now, I'd recommend to modify Guess.php:line 179 from
if (!($major && $minor) && file_exists('/lib/')) 
if (!($major && $minor) && is_link('/lib/')) 
to prevent that the program creates problems in case the lib is not symbolically linked.

 [2003-10-24 01:35 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

finally applied Marko's fix.

PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Jul 26 00:01:24 2021 UTC