php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66987 Memory corruption in fileinfo ext (bigendian)
Submitted: 2014-03-31 13:15 UTC Modified: 2014-03-31 13:15 UTC
From: remi@php.net Assigned: remi
Status: Closed Package: Filesystem function related
PHP Version: 5.4.26 OS: GNU/LInux (bugendian)
Private report: No CVE-ID:
 [2014-03-31 13:15 UTC] remi@php.net
Description:
------------
Discovered running fileinfo test on ppc64 ans s390x (both bigendian)

# export USE_ZEND_ALLOC=0 &&  valgrind php -n -d extension=fileinfo.so test2.php
==26726== Memcheck, a memory error detector
==26726== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==26726== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==26726== Command: php -n -d extension=fileinfo.so test2.php
==26726==
PE Unknown PE signature 0x0 (Unknown subsystem 0x0) Intel 80386 system file, for MS Windows==26726== Invalid free() / delete / delete[] / realloc()
==26726==    at 0x482F972: free (in /usr/lib64/valgrind/vgpreload_memcheck-s390x-linux.so)
==26726==    by 0xBD8F7EB: apprentice_unmap (apprentice.c:499)
==26726==    by 0xBD8F875: mlist_free (apprentice.c:530)
==26726==    by 0xBD90939: file_ms_free (apprentice.c:444)
==26726==    by 0xBD8E905: finfo_resource_destructor (fileinfo.c:194)
==26726==    by 0x3A5C9F: list_entry_destructor (zend_list.c:183)
==26726==    by 0x3A35F3: zend_hash_del_key_or_index (zend_hash.c:531)
==26726==    by 0x3A5F3D: _zend_list_delete (zend_list.c:57)
==26726==    by 0x384A41: _zval_ptr_dtor (zend_variables.h:35)
==26726==    by 0x3A1EC9: zend_hash_apply_deleter (zend_hash.c:650)
==26726==    by 0x3A3953: zend_hash_graceful_reverse_destroy (zend_hash.c:687)
==26726==    by 0x38518F: shutdown_executor (zend_execute_API.c:247)
==26726==  Address 0xc024138 is 248 bytes inside a block of size 2,606,480 alloc'd
==26726==    at 0x482E55A: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-s390x-linux.so)
==26726==    by 0xBD93F4F: apprentice_1 (apprentice.c:2687)
==26726==    by 0xBD8EB31: zif_finfo_open (fileinfo.c:345)
==26726==    by 0x44D493: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:643)
==26726==    by 0x3BFB6B: execute (zend_vm_execute.h:410)
==26726==    by 0x395FA1: zend_execute_scripts (zend.c:1315)
==26726==    by 0x330065: php_execute_script (main.c:2494)
==26726==    by 0x44F64B: do_cli (php_cli.c:988)
==26726==
==26726== Invalid free() / delete / delete[] / realloc()
==26726==    at 0x482F972: free (in /usr/lib64/valgrind/vgpreload_memcheck-s390x-linux.so)
==26726==    by 0xBD8F801: apprentice_unmap (apprentice.c:499)
==26726==    by 0xBD8F875: mlist_free (apprentice.c:530)
==26726==    by 0xBD90939: file_ms_free (apprentice.c:444)
==26726==    by 0xBD8E905: finfo_resource_destructor (fileinfo.c:194)
==26726==    by 0x3A5C9F: list_entry_destructor (zend_list.c:183)
==26726==    by 0x3A35F3: zend_hash_del_key_or_index (zend_hash.c:531)
==26726==    by 0x3A5F3D: _zend_list_delete (zend_list.c:57)
==26726==    by 0x384A41: _zval_ptr_dtor (zend_variables.h:35)
==26726==    by 0x3A1EC9: zend_hash_apply_deleter (zend_hash.c:650)
==26726==    by 0x3A3953: zend_hash_graceful_reverse_destroy (zend_hash.c:687)
==26726==    by 0x38518F: shutdown_executor (zend_execute_API.c:247)
==26726==  Address 0xc27b6e0 is 2,455,200 bytes inside a block of size 2,606,480 alloc'd
==26726==    at 0x482E55A: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-s390x-linux.so)
==26726==    by 0xBD93F4F: apprentice_1 (apprentice.c:2687)
==26726==    by 0xBD8EB31: zif_finfo_open (fileinfo.c:345)
==26726==    by 0x44D493: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:643)
==26726==    by 0x3BFB6B: execute (zend_vm_execute.h:410)
==26726==    by 0x395FA1: zend_execute_scripts (zend.c:1315)
==26726==    by 0x330065: php_execute_script (main.c:2494)
==26726==    by 0x44F64B: do_cli (php_cli.c:988)
==26726==
==26726==
==26726== HEAP SUMMARY:
==26726==     in use at exit: 203,543 bytes in 2,869 blocks
==26726==   total heap usage: 15,757 allocs, 12,890 frees, 5,922,519 bytes allocated
==26726==
==26726== LEAK SUMMARY:
==26726==    definitely lost: 0 bytes in 0 blocks
==26726==    indirectly lost: 0 bytes in 0 blocks
==26726==      possibly lost: 0 bytes in 0 blocks
==26726==    still reachable: 203,543 bytes in 2,869 blocks
==26726==         suppressed: 0 bytes in 0 blocks
==26726== Rerun with --leak-check=full to see details of leaked memory
==26726==
==26726== For counts of detected and suppressed errors, rerun with: -v
==26726== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)


Patches

fileinfo-mem.patch (last revision 2014-03-31 14:33 UTC) by remi@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-03-31 13:15 UTC] remi@php.net
-Assigned To: +Assigned To: remi
 [2014-03-31 14:33 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: fileinfo-mem.patch
Revision:   1396276393
URL:        https://bugs.php.net/patch-display.php?bug=66987&patch=fileinfo-mem.patch&revision=1396276393
 [2014-03-31 14:58 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2c204a55af9b903b3db48dd5a75d492dbf1b387d
Log: Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 [2014-03-31 14:58 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-04-03 08:02 UTC] ab@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2c204a55af9b903b3db48dd5a75d492dbf1b387d
Log: Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 [2014-04-03 08:04 UTC] ab@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2c204a55af9b903b3db48dd5a75d492dbf1b387d
Log: Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 [2014-04-10 04:47 UTC] tyrael@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2c204a55af9b903b3db48dd5a75d492dbf1b387d
Log: Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2c204a55af9b903b3db48dd5a75d492dbf1b387d
Log: Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2c204a55af9b903b3db48dd5a75d492dbf1b387d
Log: Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Feb 26 14:01:37 2017 UTC