php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68671 incorrect expression
Submitted: 2014-12-28 22:43 UTC Modified: 2014-12-30 18:49 UTC
From: bugreports at internot dot info Assigned: ab (profile)
Status: Closed Package: Filesystem function related
PHP Version: master-Git-2014-12-28 (Git) OS: Linux Ubuntu 14.04
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugreports at internot dot info
New email:
PHP Version: OS:

 

 [2014-12-28 22:43 UTC] bugreports at internot dot info
Description:
------------
Hi,

In /ext/fileinfo/libmagic/print.c:

 65        if (vasprintf(&expanded_format, f, va)); /* silence */
 66        va_end(va);

I believe line 65 is incorrect. Why is there an if() aroudn it, then is ended by a semi-colon?


Thanks


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-29 02:31 UTC] phpmpan at mpan dot pl
The expression seems to be an attempt to silence the compiler which was pointing out a bug in the code, instead of fixing the bug. Introduced by commit cdc1a637.

The bug is:
 68    php_error_docref(NULL, E_NOTICE, "Warning: %s", expanded_format);
 69    
 70    free(expanded_format);

in both of these expressions `expected_format` may have undefined value. Additionally line 68 may be leaking memory contents to the client.
 [2014-12-30 02:59 UTC] aharvey@php.net
-Status: Open +Status: Assigned -Package: *General Issues +Package: Filesystem function related -Assigned To: +Assigned To: ab
 [2014-12-30 02:59 UTC] aharvey@php.net
Anatol, can you have a look at this, please? It appears to be related to your fix for bug #64713.
 [2014-12-30 18:41 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d92a87d7cb81f94b8705cdbeaa1b3836dc145549
Log: Fixed bug #68671 incorrect expression in libmagic
 [2014-12-30 18:41 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2014-12-30 18:49 UTC] ab@php.net
Hi Adam, yeah, the "if()" fix was just to hide the warning about the ignored return value. Despite there's currently no use case in the core, where file_magwarn() could be used a dangerous way ... What Joshua suggests would just make it robuster.

Thanks.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Wed Jan 15 05:01:27 2025 UTC