|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68671 incorrect expression
Submitted: 2014-12-28 22:43 UTC Modified: 2014-12-30 18:49 UTC
From: bugreports at internot dot info Assigned: ab (profile)
Status: Closed Package: Filesystem function related
PHP Version: master-Git-2014-12-28 (Git) OS: Linux Ubuntu 14.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: bugreports at internot dot info
New email:
PHP Version: OS:


 [2014-12-28 22:43 UTC] bugreports at internot dot info

In /ext/fileinfo/libmagic/print.c:

 65        if (vasprintf(&expanded_format, f, va)); /* silence */
 66        va_end(va);

I believe line 65 is incorrect. Why is there an if() aroudn it, then is ended by a semi-colon?



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-29 02:31 UTC] phpmpan at mpan dot pl
The expression seems to be an attempt to silence the compiler which was pointing out a bug in the code, instead of fixing the bug. Introduced by commit cdc1a637.

The bug is:
 68    php_error_docref(NULL, E_NOTICE, "Warning: %s", expanded_format);
 70    free(expanded_format);

in both of these expressions `expected_format` may have undefined value. Additionally line 68 may be leaking memory contents to the client.
 [2014-12-30 02:59 UTC]
-Status: Open +Status: Assigned -Package: *General Issues +Package: Filesystem function related -Assigned To: +Assigned To: ab
 [2014-12-30 02:59 UTC]
Anatol, can you have a look at this, please? It appears to be related to your fix for bug #64713.
 [2014-12-30 18:41 UTC]
Automatic comment on behalf of ab
Log: Fixed bug #68671 incorrect expression in libmagic
 [2014-12-30 18:41 UTC]
-Status: Assigned +Status: Closed
 [2014-12-30 18:49 UTC]
Hi Adam, yeah, the "if()" fix was just to hide the warning about the ignored return value. Despite there's currently no use case in the core, where file_magwarn() could be used a dangerous way ... What Joshua suggests would just make it robuster.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Jun 04 20:03:40 2023 UTC