|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2006-11-20 18:22 UTC] cyberleo at cyberleo dot net
Description:
------------
Calling finfo_open() a second time during any given PHP invocation will crash with varying results. If the previous fileinfo instance was closed, PHP will segfault while reading the magic database. If the previous fileinfo instance still exists, PHP will dump a ton of double-free and realloc warnings.
The included backtrace is generated from the code sample provided.
Nothing in php.ini except 'extension=fileinfo.so'.
file-4.17
Fileinfo-1.0.4
Reproduce code:
---------------
$file = __FILE__;
$fp = finfo_open();
$mime = finfo_file($fp, $file);
finfo_close($fp);
var_dump($mime);
unset($fp);
$fp = finfo_open();
$mime = finfo_file($fp, $file);
finfo_close($fp);
var_dump($mime);
Expected result:
----------------
string(28) "text/plain; charset=us-ascii"
string(28) "text/plain; charset=us-ascii"
Actual result:
--------------
cyberleo@uzuri:~/tmp $ php bugcheck.php
string(13) "Alpha archive"
Segmentation fault (core dumped)
cyberleo@uzuri:~/tmp $
----
(gdb) bt
#0 0x28afb07e in parse (ms=0x869eb40, mentryp=0xbfbfd8e4,
nmentryp=0xbfbfd8e8,
line=0xbfbfd8ec "0\tstring\t\tZyXEL\\002\tZyXEL voice data", action=0)
at apprentice.c:567
#1 0x28afac5f in apprentice_file (ms=0x869eb40, magicp=0xbfbfdd38,
nmagicp=0xbfbfdd3c, fn=0x856a5e0 "/usr/share/misc/magic", action=0)
at apprentice.c:405
#2 0x28afa725 in apprentice_1 (ms=0x869eb40,
fn=0x856a5e0 "/usr/share/misc/magic", action=0, mlist=0x869cda0)
at apprentice.c:183
#3 0x28afa93d in file_apprentice (ms=0x869eb40,
fn=0x28af5e1e "/usr/share/misc/magic", action=0) at apprentice.c:281
#4 0x28afa212 in magic_load (ms=0x869eb40,
magicfile=0x28af5e1e "/usr/share/misc/magic") at magic.c:156
#5 0x28af5691 in zif_finfo_open (ht=0, return_value=0x869cd4c,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
at /usr/home/cyberleo/build/Fileinfo-1.0.4/fileinfo.c:285
#6 0x8271dfb in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbfe3f0)
at /usr/home/cyberleo/build/php-5.1.6/Zend/zend_vm_execute.h:200
#7 0x8277070 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfbfe3f0)
at /usr/home/cyberleo/build/php-5.1.6/Zend/zend_vm_execute.h:1640
#8 0x827178f in execute (op_array=0x861790c)
at /usr/home/cyberleo/build/php-5.1.6/Zend/zend_vm_execute.h:92
#9 0x825aa90 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/home/cyberleo/build/php-5.1.6/Zend/zend.c:1109
#10 0x8227550 in php_execute_script (primary_file=0xbfbffafc)
at /usr/home/cyberleo/build/php-5.1.6/main/main.c:1737
#11 0x82e8019 in main (argc=2, argv=0xbfbffb7c)
at /usr/home/cyberleo/build/php-5.1.6/sapi/cli/php_cli.c:1093
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 25 16:01:28 2024 UTC |
I recently encountered similar problem. Replication code: <?php $finfo = finfo_open(FILEINFO_MIME_TYPE, null); $info = finfo_file($finfo, "index.php"); When opening from web (through apache2), segfault is reported in error log: [Wed Oct 23 14:32:25 2013] [notice] child pid 29084 exit signal Segmentation fault (11) When executing from cli e.g. php -q test.php, output is okay. php -v PHP 5.5.4-pl0-gentoo (cli) (built: Oct 18 2013 19:11:02) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies with Zend OPcache v7.0.3-dev, Copyright (c) 1999-2013, by Zend Technologies /usr/sbin/apache2 -v Server version: Apache/2.2.25 (Unix) Server built: Sep 20 2013 14:16:11 Any clues?