Bug #66307 Fileinfo crashes with powerpoint files
Submitted: 2013-12-17 12:01 UTC Modified: 2014-04-23 16:54 UTC
From: jamal at tantaoui dot com Assigned: ab
Status: Closed Package: Reproducible crash
PHP Version: 5.5.7 OS: Windows 7 SP1 64bits
Private report: No CVE-ID:
 [2013-12-17 12:01 UTC] jamal at tantaoui dot com
Description:
------------
finfo_file crashes when I try to get the mime of powerpoint files in the 64-bit version of PHP. It works with the 32-bit version.

Test script:
---------------
<?php
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, 'D:/exemple.ppt');
finfo_close($finfo);

echo($mime);

Expected result:
----------------
application/vnd.ms-powerpoint

Actual result:
--------------
Crash

 [2013-12-17 18:19 UTC] aharvey@php.net
-Status: Open +Status: Feedback
 [2013-12-17 18:19 UTC] aharvey@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2013-12-17 20:21 UTC] jamal at tantaoui dot com
-Status: Feedback +Status: Open
 [2013-12-17 20:21 UTC] jamal at tantaoui dot com
The backtrace is available here : https://mon-partage.fr/f/3lhKk35K/
 [2014-01-02 13:55 UTC] ab@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: ab
 [2014-01-02 13:55 UTC] ab@php.net
Thanks for posting the memory dump, but I'd really like to see the backtrace first. I'd also appreciate it if you could share the exact ppt file causing this crash.

Thanks
 [2014-04-23 14:46 UTC] ab@php.net
@jamal, could you please check whether 5.6.0beta1 or the latest 5.5 release is vulnerable for you? Is that some special ppt file or any?

Thanks.
 [2014-04-23 15:46 UTC] jamal at tantaoui dot com
-Status: Feedback +Status: Assigned
 [2014-04-23 15:46 UTC] jamal at tantaoui dot com
Hi,

This bug still exists in the 5.5 branch of PHP (also in 5.5.11), but only in 64 bits. However, it seems to be resolved in 5.6 beta1 (32 + 64 work).

For your second question, it may be reproduced in > 10% of the files I have tested (more than 4000 tested files).

If you are interested I can send you some of these files by email.

Sincerely,
 [2014-04-23 16:54 UTC] ab@php.net
Yeah, of course a file to reproduce is required if the bug still persists. It's just that 5.6 got the latest libmagic, and the lower versions got many bugfixes lately. So I thought it was worth asking. Please mail some vulnerable ppt or just share it somewhere, and please take particular care that there's no sensitive information in there, as a test case will be based on it.

Thanks.
 [2014-04-24 17:37 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03fa5501a84af2bda7d81c732d46d2a68ee0e855
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-04-24 17:37 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2014-04-25 23:25 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03fa5501a84af2bda7d81c732d46d2a68ee0e855
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-04-25 23:29 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03fa5501a84af2bda7d81c732d46d2a68ee0e855
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-05-01 14:59 UTC] tyrael@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03fa5501a84af2bda7d81c732d46d2a68ee0e855
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-05-27 01:15 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15ee33eb21275b1c4562f61e111c52b73d635640
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-05-27 10:25 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15ee33eb21275b1c4562f61e111c52b73d635640
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-05-27 10:26 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15ee33eb21275b1c4562f61e111c52b73d635640
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-05-27 19:18 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4dbe191b61cbcc3943e4367c0e903dacf54ab22a
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-06-01 15:05 UTC] laruence@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15ee33eb21275b1c4562f61e111c52b73d635640
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-06-04 01:22 UTC] tyrael@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15ee33eb21275b1c4562f61e111c52b73d635640
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-07-29 21:57 UTC] johannes@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0335d2ef3efbcb5f45e753a34fd7b74188997d87
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-08-14 15:34 UTC] johannes@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0335d2ef3efbcb5f45e753a34fd7b74188997d87
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-08-14 19:32 UTC] dmitry@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0335d2ef3efbcb5f45e753a34fd7b74188997d87
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-10-07 23:14 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0335d2ef3efbcb5f45e753a34fd7b74188997d87
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=15ee33eb21275b1c4562f61e111c52b73d635640
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0335d2ef3efbcb5f45e753a34fd7b74188997d87
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=15ee33eb21275b1c4562f61e111c52b73d635640
Log: Fixed bug #66307 Fileinfo crashes with powerpoint files
Last updated: Tue Aug 29 15:01:52 2017 UTC