Bug #68671 incorrect expression
Submitted: 2014-12-28 22:43 UTC
Modified: 2014-12-30 18:49 UTC
From: bugreports at internot dot info
Assigned: ab
Status: Closed
Package: Filesystem function related
PHP Version: master-Git-2014-12-28 (Git)
OS: Linux Ubuntu 14.04
Private report: No
CVE-ID:
 [2014-12-28 22:43 UTC] bugreports at internot dot info
Description:
------------
Hi,

In /ext/fileinfo/libmagic/print.c:

 65        if (vasprintf(&expanded_format, f, va)); /* silence */
 66        va_end(va);

I believe line 65 is incorrect. Why is there an if() around it, then is ended by a semi-colon?


Thanks


 [2014-12-29 02:31 UTC] phpmpan at mpan dot pl
The expression seems to be an attempt to silence the compiler which was pointing out a bug in the code, instead of fixing the bug. Introduced by commit cdc1a637.

The bug is:
 68    php_error_docref(NULL, E_NOTICE, "Warning: %s", expanded_format);
 69    
 70    free(expanded_format);

In both of these expressions `expected_format` may have an undefined value. Additionally, line 68 may be leaking memory contents to the client.
 [2014-12-30 02:59 UTC] aharvey@php.net
-Status: Open +Status: Assigned -Package: *General Issues +Package: Filesystem function related -Assigned To: +Assigned To: ab
 [2014-12-30 02:59 UTC] aharvey@php.net
Anatol, can you have a look at this, please? It appears to be related to your fix for bug #64713.
 [2014-12-30 18:41 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d92a87d7cb81f94b8705cdbeaa1b3836dc145549
Log: Fixed bug #68671 incorrect expression in libmagic
 [2014-12-30 18:41 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2014-12-30 18:49 UTC] ab@php.net
Hi Adam, yeah, the "if()" fix was just to hide the warning about the ignored return value. Despite there's currently no use case in the core, where file_magwarn() could be used in a dangerous way ... What Joshua suggests would just make it more robust.

Thanks.
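The unchecked vasprintf() pattern discussed in this report, rewritten with the return value checked. This is an added example, not code from php-src or from the fix commit; `format_warning`, `portable_vasprintf` and `failing_vasprintf` are hypothetical names, and the vsnprintf()-based stand-in is an assumption used so the failure path can be exercised without `_GNU_SOURCE`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Signature shared by vasprintf() and the stand-ins below (hypothetical). */
typedef int (*vfmt_fn)(char **out, const char *fmt, va_list ap);

/* Stand-in for vasprintf() built on C99 vsnprintf(); on failure it
 * returns -1 and leaves *out untouched. */
static int portable_vasprintf(char **out, const char *fmt, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap2);      /* measure required length */
    va_end(ap2);
    char *buf = n < 0 ? NULL : malloc((size_t)n + 1);
    if (buf == NULL) return -1;
    vsnprintf(buf, (size_t)n + 1, fmt, ap);
    *out = buf;
    return n;
}

/* Simulated failure: returns -1 and leaves a non-heap pointer in *out,
 * modelling "contents of the pointer are undefined" after an error. */
static int failing_vasprintf(char **out, const char *fmt, va_list ap)
{
    static char poison[] = "stale";
    (void)fmt; (void)ap;
    *out = poison;
    return -1;
}

/* Checked variant: returns a heap string to free(), or NULL on failure. */
static char *format_warning(vfmt_fn vfmt, const char *fmt, ...)
{
    char *expanded = NULL;
    va_list va;
    va_start(va, fmt);
    int rc = vfmt(&expanded, fmt, va);
    va_end(va);
    return rc < 0 ? NULL : expanded;           /* never print or free garbage */
}

int main(void)
{
    char *msg = format_warning(portable_vasprintf, "Warning: %s", "bad magic");
    if (msg != NULL) { puts(msg); free(msg); }
    return format_warning(failing_vasprintf, "x") == NULL ? 0 : 1;
}
```

Initialising the pointer to NULL is not enough on its own, because a failing formatter may still overwrite it; the return-value check is what keeps the stale pointer away from the logging call and from free().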
 
Last updated: Tue Apr 25 22:01:37 2017 UTC