php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69224 Fileinfo tries to allocate huge amounts of memory for some text files
Submitted: 2015-03-11 20:27 UTC Modified: 2015-11-09 20:42 UTC
From: john at zerocrates dot org Assigned: ab (profile)
Status: Duplicate Package: Filesystem function related
PHP Version: 5.6.6 OS: Linux
Private report: No CVE-ID: None
 [2015-03-11 20:27 UTC] john at zerocrates dot org
Description:
------------
When run on certain files (chiefly text files and in this specific instance, CSV files), the Fileinfo extension immediately tries to allocate a huge amount of memory (multiple gigabytes) and exceeds the limit.

This behavior on a sample file was confirmed on multiple PHP versions across different distributions, including PHP 5.4.36 on CentOS (with "file" version 5.04) and PHP 5.6.6 on Gentoo (with "file" version 5.22).

The file "test.csv" that causes this behavior is available at http://zerocrates.org/test.csv

Test script:
---------------
$finfo = finfo_open(FILEINFO_MIME_TYPE);
echo finfo_file($finfo, 'test.csv');

OR

$finfo = new finfo(FILEINFO_MIME_TYPE);
echo $finfo->file('test.csv');

Expected result:
----------------
The output should simply be "text/plain"

Running the command-line tool "file -bi" on the sample file gives a correct output more or less immediately: "text/plain; charset=us-ascii"

Actual result:
--------------
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4294955358 bytes)

Note the amount of bytes for the attempted allocation, 4 gigabytes.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-11 20:29 UTC] john at zerocrates dot org
Just to clarify, the test file "test.csv" is only 28 kilobytes, nowhere near the memory limit or the requested allocation size.
 [2015-03-11 20:30 UTC] aharvey@php.net
Pretty sure this is a duplicate of bug #68819 — can someone with security access check that, please?
 [2015-03-12 04:22 UTC] laruence@php.net
-Assigned To: +Assigned To: ab
 [2015-03-12 04:22 UTC] laruence@php.net
this is a knew issue, as I remebered welting said about considering update libmagic to fix this.

@welting, any comments?
 [2015-03-12 07:11 UTC] ab@php.net
-Status: Assigned +Status: Duplicate
 [2015-03-12 07:11 UTC] ab@php.net
Yeah, this is the same issue. A patch for pre master is attached to the sec bug and waits to be merged.

Thanks for checking, guys.
 [2015-11-09 20:24 UTC] nmenciere at sportarchive dot tv
Hi,

What is the update on this bug?
Because it looks like in 5.6.15 the bug still exists. 

thanks
 [2015-11-09 20:42 UTC] ab@php.net
@nmenciere I cannot reproduce it with the current 5.6 dev tree with the reproduce case linked here. If you think this or similar bug is present, please open a new ticket and post your reproduce case.

Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 10:01:30 2024 UTC