Bug #69320 libmagic crash when running laravel tests
Submitted: 2015-03-28 18:29 UTC Modified: 2015-03-29 16:37 UTC
From: nikic@php.net Assigned: ab (profile)
Status: Closed Package: Reproducible crash
PHP Version: master-Git-2015-03-28 (Git) OS:
Private report: No CVE-ID: None

 [2015-03-28 18:29 UTC] nikic@php.net
Description:
------------
Running phpunit --filter FilesystemTest::testMimeTypeOutputsMimeType on https://github.com/laravel/framework results in a libmagic crash:

#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116
#1  0x0000000000928a4a in _estrndup (s=0x7fffef91350a "", length=18446744073709551615, 
    __zend_filename=0xdb5028 "/home/nikic/php-src/ext/fileinfo/libmagic/softmagic.c", 
    __zend_lineno=2017, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/nikic/php-src/Zend/zend_alloc.c:2328
#2  0x000000000062cbdd in magiccheck (ms=0x7fffef8c5700, m=0xd4cae0 <php_magic_database+2639712>)
    at /home/nikic/php-src/ext/fileinfo/libmagic/softmagic.c:2017
#3  0x000000000062818d in match (ms=0x7fffef8c5700, magic=0xac8478 <php_magic_database+248>, 
    nmagic=10786, s=0x7fffef913508 "", nbytes=3, offset=0, mode=64, text=1, flip=0, indir_level=0, 
    name_count=0x7fffffff9b9a, printed_something=0x7fffffff9b9c, need_separator=0x7fffffff9ba0, 
    returnval=0x7fffffff9adc) at /home/nikic/php-src/ext/fileinfo/libmagic/softmagic.c:202
#4  0x0000000000627ed0 in file_softmagic (ms=0x7fffef8c5700, buf=0x7fffef913508 "", nbytes=3, 
    indir_level=0, name_count=0x7fffffff9b9a, mode=64, text=1)
    at /home/nikic/php-src/ext/fileinfo/libmagic/softmagic.c:94
#5  0x000000000061e77c in file_ascmagic_with_encoding (ms=0x7fffef8c5700, 
    buf=0x7fffef601000 "foo", nbytes=3, ubuf=0x13e88e0, ulen=3, code=0xdb4354 "ASCII", 
    type=0xdb4340 "text", text=1) at /home/nikic/php-src/ext/fileinfo/libmagic/ascmagic.c:149
#6  0x000000000061e592 in file_ascmagic (ms=0x7fffef8c5700, buf=0x7fffef601000 "foo", nbytes=3, 
    text=1) at /home/nikic/php-src/ext/fileinfo/libmagic/ascmagic.c:92
#7  0x0000000000624e99 in file_buffer (ms=0x7fffef8c5700, stream=0x7fffef880100, inname=0x0, 
    buf=0x7fffef601000, nb=3) at /home/nikic/php-src/ext/fileinfo/libmagic/funcs.c:264
#8  0x0000000000625fe1 in file_or_stream (ms=0x7fffef8c5700, inname=0x0, stream=0x7fffef880100)
    at /home/nikic/php-src/ext/fileinfo/libmagic/magic.c:410
#9  0x0000000000625d94 in magic_stream (ms=0x7fffef8c5700, stream=0x7fffef880100)
    at /home/nikic/php-src/ext/fileinfo/libmagic/magic.c:347
#10 0x000000000061749b in _php_finfo_get_type (execute_data=0x7ffff181a890, 
    return_value=0x7ffff181a880, mode=2, mimetype_emu=0)
    at /home/nikic/php-src/ext/fileinfo/fileinfo.c:549
#11 0x000000000061768d in zif_finfo_file (execute_data=0x7ffff181a890, return_value=0x7ffff181a880)
    at /home/nikic/php-src/ext/fileinfo/fileinfo.c:587
#12 0x00000000009c21f2 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
    at /home/nikic/php-src/Zend/zend_vm_execute.h:691
#13 0x00000000009c1232 in execute_ex (ex=0x7ffff181a5d0)
    at /home/nikic/php-src/Zend/zend_vm_execute.h:394
#14 0x0000000000949fbe in zend_call_function (fci=0x7fffffffa3c0, fci_cache=0x7fffffffa390)
    at /home/nikic/php-src/Zend/zend_execute_API.c:875
#15 0x000000000073b765 in zim_reflection_method_invokeArgs (execute_data=0x7ffff181a550, 
    return_value=0x7ffff181a250) at /home/nikic/php-src/ext/reflection/php_reflection.c:3044
#16 0x00000000009c2915 in ZEND_DO_FCALL_SPEC_HANDLER ()
    at /home/nikic/php-src/Zend/zend_vm_execute.h:827
#17 0x00000000009c1232 in execute_ex (ex=0x7ffff1816030)
    at /home/nikic/php-src/Zend/zend_vm_execute.h:394
#18 0x00000000009c14a5 in zend_execute (op_array=0x7ffff1885000, return_value=0x0)
    at /home/nikic/php-src/Zend/zend_vm_execute.h:434
#19 0x00000000009637c3 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/nikic/php-src/Zend/zend.c:1355

(gdb) f 2
(gdb) p *ms
$2 = {mlist = {0x7fffef8b5d70, 0x7fffef8b5d20}, c = {len = 10, li = 0x7fffef8dd9c0}, o = {
    buf = 0x0, pbuf = 0x0}, offset = 2, error = -1, flags = 16, event_flags = 0, 
  file = 0xdb2545 "unknown", line = 250, search = {s = 0x7fffef91350a "", 
    s_len = 18446744073709551615, offset = 2, rm_len = 0}, ms_value = {b = 102 'f', h = 28518, 
    l = 7303014, q = 7303014, hs = "fo", hl = "foo", hq = "foo\000\000\000\000", 
    s = "foo", '\000' <repeats 60 times>, us = "foo", '\000' <repeats 60 times>, 
    f = 1,02337023e-38, d = 3,6081683284976653e-317}, indir_max = 15, name_max = 30, 
  elf_shnum_max = 32768, elf_phnum_max = 128, elf_notes_max = 256}



 [2015-03-28 18:29 UTC] nikic@php.net
-Assigned To: +Assigned To: ab
 [2015-03-28 18:29 UTC] nikic@php.net
@ab Maybe related to recent libmagic update?
 [2015-03-28 19:22 UTC] ab@php.net
Of course there could be some bugs after upgrade. Looking at the test https://github.com/laravel/framework/blob/5.0/tests/Filesystem/FilesystemTest.php#L228 and at the https://github.com/laravel/framework/blob/5.0/src/Illuminate/Filesystem/Filesystem.php#L186 - the reproduce snippet is as simple as

file_put_contents("foo.txt", "foo");
echo finfo_file(finfo_open(FILEINFO_MIME_TYPE), "foo.txt");

However it doesn't crash for me (and is actually present in the phpt suite, like finfo_file_002.phpt and several others). This part looks not correct

s = 0x7fffef91350a "", 
    s_len = 18446744073709551615

I'll be able to go directly with Laravel tomorrow and also to check the patch again. Though I just have to ask you to ensure you've a clean rebuild. In general, looks really weird as it should be failing all the way on travis if such a simple piece is buggy :)

Thanks.
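
The s_len = 18446744073709551615 value flagged above is SIZE_MAX, i.e. (size_t)-1, and frame #1 shows it reaching _estrndup as the copy length. As an added illustration (not code from php-src or libmagic, and not the actual fix; this page does not state the root cause), the C below shows how an unsigned length wraps to that value and how a bounded duplicate rejects it. The helper names and the inverted range are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked window length: size_t subtraction wraps when end < start. */
static size_t window_len_unchecked(size_t start, size_t end)
{
    return end - start;
}

/* Checked variant: returns 0 and stores the length, or -1 on an inverted range. */
static int window_len_checked(size_t start, size_t end, size_t *out)
{
    if (end < start)
        return -1;
    *out = end - start;
    return 0;
}

/* Duplicate len bytes of s, refusing any length above the avail bytes
 * known to be readable (this also keeps len + 1 from overflowing). */
static char *dup_bounded(const char *s, size_t len, size_t avail)
{
    char *p;

    if (s == NULL || len > avail || len == SIZE_MAX)
        return NULL;
    p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memcpy(p, s, len);
    p[len] = '\0';
    return p;
}

int main(void)
{
    const char buf[] = "foo";                  /* constructed: same 3-byte input as the report */
    size_t nbytes = 3, offset = 2, n = 0;      /* nbytes and offset as shown in the backtrace */
    size_t bad = window_len_unchecked(3, 2);   /* constructed inverted range, wraps to SIZE_MAX */
    char *ok;

    printf("wrapped length: %zu\n", bad);
    printf("checked result: %d\n", window_len_checked(3, 2, &n));
    printf("dup, wrapped length: %p\n", (void *)dup_bounded(buf + offset, bad, nbytes - offset));
    ok = dup_bounded(buf + offset, nbytes - offset, nbytes - offset);
    printf("dup, real length: %s\n", ok ? ok : "(null)");
    free(ok);
    return 0;
}
```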
 [2015-03-28 19:37 UTC] nikic@php.net
Just did a clean build and still seeing the segfault. It also segfaults on Laravel's travis build, see https://travis-ci.org/laravel/framework/jobs/56238603.

And yeah, your two-line reproduce script segfaults for me as well. But ext/fileinfo tests all run clean.
 [2015-03-29 16:00 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aeabea4aa91af64db1fa1a592b92496fb5e293ba
Log: Fixed bug #69320 libmagic crash when running laravel tests
 [2015-03-29 16:00 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2015-03-29 16:37 UTC] ab@php.net
Should be fixed now. I guess we have one sec patch to go then. I wanted to pack it into the upgraded patch at once, but seems better to wait it's out with the next 5.x so one can do it cleaner in master.

Thanks.
 [2016-07-20 11:39 UTC] davey@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aeabea4aa91af64db1fa1a592b92496fb5e293ba
Log: Fixed bug #69320 libmagic crash when running laravel tests
 