Bug #67231 geoip_record_by_name and geoip_region_by_name may segfault with libGeoIP 1.5.0+
Submitted: 2014-05-08 03:41 UTC Modified: 2014-11-20 20:58 UTC
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: anthon at piwik dot org
Assigned:
Status: Duplicate
Package: geoip (PECL)
PHP Version: Irrelevant
OS:
Private report: No
CVE-ID: None


 [2014-05-08 03:41 UTC] anthon at piwik dot org
In libGeoIP 1.5.0, the GeoIP_open_type() function checks the database type matches.

As a result, the function can now return NULL.

Since GEOIP_CITY_EDITION_REV0 and GEOIP_CITY_EDITION_REV1 both use the same filenames (similarly for the region database types), GeoIP_db_avail() may be lying (as it only checks to see if the file exists; it doesn't open the database to see if the type matches).

Test script:
Installing a rev 0 city database, and then calling geoip_record_by_name(''); will cause a Segmentation fault.


geoip.patch (last revision 2014-05-08 03:46 UTC by anthon at piwik dot org)
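
The mismatch the report describes, as a self-contained C model with a NULL-checked lookup. This is an added example, not code from libGeoIP, the PECL extension, or geoip.patch; every `model_*` name, the file name, and the sample record are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not libGeoIP: two edition types share one file name. */
enum { MODEL_CITY_REV0, MODEL_CITY_REV1 };
typedef struct { int type; const char *city; } model_db;

static const char *model_path(int type) {
    (void)type;                      /* both revisions map to the same file */
    return "model-city.dat";
}

/* Installed file (constructed): a rev 0 database at the shared path. */
static const char *installed_path = "model-city.dat";
static model_db installed_db = { MODEL_CITY_REV0, "Constructed City" };

/* Availability check as the report describes it: file presence only. */
int model_db_avail(int type) {
    return strcmp(model_path(type), installed_path) == 0;
}

/* Open as the report describes for 1.5.0+: NULL on a type mismatch. */
model_db *model_open_type(int type) {
    if (!model_db_avail(type) || installed_db.type != type)
        return NULL;
    return &installed_db;
}

/* True when availability passes but open returns NULL: the state in which
   an unchecked handle would be dereferenced. */
int model_avail_disagrees_with_open(int type) {
    return model_db_avail(type) && model_open_type(type) == NULL;
}

/* Guarded lookup: 0 on success, -1 if the file is absent, -2 if the open
   failed. The handle is dereferenced only after the NULL check. */
int model_city_lookup(int type, const char **city_out) {
    if (!model_db_avail(type))
        return -1;
    model_db *db = model_open_type(type);
    if (db == NULL)
        return -2;
    *city_out = db->city;
    return 0;
}

int main(void) {
    const char *city = "(none)";
    int rc = model_city_lookup(MODEL_CITY_REV1, &city);
    printf("rev1: avail=%d lookup=%d city=%s\n", model_db_avail(MODEL_CITY_REV1), rc, city);
    return 0;
}
```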



 [2014-11-20 20:58 UTC]
-Status: Open +Status: Duplicate
 [2014-11-20 20:58 UTC]
Dups #68277
Last updated: Thu Dec 08 20:05:51 2022 UTC