Bug #25918: Segfault while trying to get mime type of *.cdr file with mime_content_type()
Submitted: 2003-10-20 04:45 UTC
Modified: 2003-10-20 10:36 UTC
From: tony2001 at phpclub dot net
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 4CVS-2003-10-20 (stable)
OS: Linux 2.4.21
Private report: No
CVE-ID:
 [2003-10-20 04:45 UTC] tony2001 at phpclub dot net
Description:
------------
PHP segfaults.
This happens because of a simple typo in mime_magic.c.
Possible patch:

Index: mime_magic.c
===================================================================
RCS file: /repository/php-src/ext/mime_magic/mime_magic.c,v
retrieving revision 1.13.2.9
diff -u -r1.13.2.9 mime_magic.c
--- mime_magic.c        9 Feb 2003 19:10:32 -0000       1.13.2.9
+++ mime_magic.c        20 Oct 2003 08:44:43 -0000
@@ -1848,7 +1848,7 @@
     }

     /* detect memory allocation errors */
-    if (!content_type ||
+    if (!*content_type ||
                (state == rsl_encoding && !*content_encoding)) {
                return MIME_MAGIC_ERROR;
     }
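
Review bot: The changed condition on the + line dereferences content_type without testing the pointer itself, which is the test the removed line performed. If every caller passes a valid address that is safe, but nothing in this hunk shows that guarantee; consider "if (!content_type || !*content_type ||" so that both a missing pointer and an unset string return MIME_MAGIC_ERROR. The comment above the condition still reads "detect memory allocation errors"; since the check now tests the string rather than the pointer, it is worth rewording the comment to say what an empty *content_type means at this point.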



Reproduce code:
---------------
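<?php
// Ask for the MIME type of every entry in the current directory.
$dh = opendir(".");
while (($fn = readdir($dh)) !== false)
{
     echo mime_content_type($fn)."<br>";
}
closedir($dh);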


Expected result:
----------------
mime_content_type should return False in this case

Actual result:
--------------
#0  0x401366a3 in strlen () from /lib/i686/libc.so.6
#1  0x40241af3 in zif_mime_content_type (ht=0, return_value=0x8138ab4, this_ptr=0x0, return_value_used=0)
    at /root/CVS/php-src_PHP_4_3/ext/mime_magic/mime_magic.c:332
#2  0x40318e59 in execute (op_array=0x8138a1c) at /root/CVS/php-src_PHP_4_3/Zend/zend_execute.c:1616
#3  0x4030aa66 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/CVS/php-src_PHP_4_3/Zend/zend.c:885
#4  0x402df501 in php_execute_script (primary_file=0xbffff300) at /root/CVS/php-src_PHP_4_3/main/main.c:1729
#5  0x4031cefb in apache_php_module_main (r=0x813177c, display_source_mode=0)
    at /root/CVS/php-src_PHP_4_3/sapi/apache/sapi_apache.c:54
#6  0x4031da96 in send_php (r=0x813177c, display_source_mode=0, filename=0x0)
    at /root/CVS/php-src_PHP_4_3/sapi/apache/mod_php4.c:620
#7  0x4031dc55 in send_parsed_php (r=0x813177c) at /root/CVS/php-src_PHP_4_3/sapi/apache/mod_php4.c:635
#8  0x08068eee in ap_invoke_handler ()
#9  0x0807e83e in process_request_internal ()
#10 0x0807ec74 in ap_internal_redirect ()
#11 0x0805e39a in handle_dir ()
#12 0x08068eee in ap_invoke_handler ()
#13 0x0807e83e in process_request_internal ()
#14 0x0807e89b in ap_process_request ()
#15 0x0807535f in child_main ()
#16 0x08075511 in make_child ()
#17 0x08075690 in startup_children ()
#18 0x08075d00 in standalone_main ()
#19 0x0807659a in main ()
#20 0x400d1af7 in __libc_start_main () from /lib/i686/libc.so.6
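
The check that the patch in this report changes, reduced to a stand-alone C program as an added example (not code from php-src or from the reporter). It assumes content_type is a char ** out-parameter that callers always pass by address; parse_type, finish_buggy, finish_fixed and type_length are hypothetical names, and the value -2 marks the point where the caller in frame #1 of the backtrace would call strlen() on a NULL string.

```c
/* Added illustration with hypothetical names; not code from php-src. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { MAGIC_ERROR = -1, MAGIC_OK = 0 };

/* Constructed stand-in for the result parser: leaves *out NULL when there
 * is nothing to copy or malloc() fails. Assumes out itself is valid. */
static void parse_type(const char *raw, char **out)
{
    *out = NULL;
    if (raw == NULL || raw[0] == '\0')
        return;
    *out = malloc(strlen(raw) + 1);
    if (*out != NULL)
        strcpy(*out, raw);
}

/* Pre-patch: tests the address passed in, which is never NULL here. */
int finish_buggy(const char *raw, char **content_type)
{
    parse_type(raw, content_type);
    return !content_type ? MAGIC_ERROR : MAGIC_OK;
}

/* Patched check: tests the string the out-parameter points to. */
int finish_fixed(const char *raw, char **content_type)
{
    parse_type(raw, content_type);
    return !*content_type ? MAGIC_ERROR : MAGIC_OK;
}

/* Caller shaped like frame #1: uses the string only on MAGIC_OK. Returns
 * -1 on error and -2 where the real caller would strlen() a NULL string. */
long type_length(int (*finish)(const char *, char **), const char *raw)
{
    char *type = NULL;
    long len = -1;
    if (finish(raw, &type) == MAGIC_OK)
        len = type ? (long)strlen(type) : -2;
    free(type);
    return len;
}

int main(void)
{
    printf("%ld %ld\n", type_length(finish_buggy, ""), type_length(finish_fixed, ""));
    return 0;
}
```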



History

 [2003-10-20 10:05 UTC] tony2001 at phpclub dot net
The bug was reproduced with this file:
http://tony2001.phpclub.net/temp/vp_cmyk.cdr
 [2003-10-20 10:36 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Wed Apr 23 18:01:55 2014 UTC