Bug #69329 Files with 2 or 3 bytes cause mime_content_type function to segfault
Submitted: 2015-03-29 20:45 UTC Modified: 2015-03-30 13:52 UTC
From: jrbasso at gmail dot com Assigned: ab (profile)
Status: Duplicate Package: Filesystem function related
PHP Version: master-Git-2015-03-29 (Git) OS: Any
Private report: No CVE-ID: None
 [2015-03-29 20:45 UTC] jrbasso at gmail dot com
Description:
------------
Using the mime_content_type function with a file of 2 or 3 bytes crashes on PHP 7.

Files with 1 byte always give the same response (application/octet-stream). Files with more than 3 bytes are fine.

Test script:
---------------
php -r 'file_put_contents("/tmp/test.tmp", "123"); mime_content_type("/tmp/test.tmp");'

Expected result:
----------------
text/plain

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
__memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:152
152	../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:152
#1  0x0000000000916ecb in _estrndup (s=0x7ffff2601dca "", length=18446744073709551615, __zend_filename=0xd8c768 "/home/vagrant/shared/php-src/ext/fileinfo/libmagic/softmagic.c", __zend_lineno=2017,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/vagrant/shared/php-src/Zend/zend_alloc.c:2328
#2  0x000000000062a2a9 in magiccheck (ms=0x7ffff26f4700, m=0xd24220 <php_magic_database+2639712>) at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/softmagic.c:2017
#3  0x0000000000625859 in match (ms=0x7ffff26f4700, magic=0xa9fbb8 <php_magic_database+248>, nmagic=10786, s=0x7ffff2601dc8 "", nbytes=3, offset=0, mode=64, text=1, flip=0, indir_level=0,
    name_count=0x7fffffffa2da, printed_something=0x7fffffffa2dc, need_separator=0x7fffffffa2e0, returnval=0x7fffffffa21c) at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/softmagic.c:202
#4  0x000000000062559c in file_softmagic (ms=0x7ffff26f4700, buf=0x7ffff2601dc8 "", nbytes=3, indir_level=0, name_count=0x7fffffffa2da, mode=64, text=1)
    at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/softmagic.c:94
#5  0x000000000061be48 in file_ascmagic_with_encoding (ms=0x7ffff26f4700, buf=0x7ffff2401000 "123", nbytes=3, ubuf=0x13e2160, ulen=3, code=0xd8ba94 "ASCII", type=0xd8ba80 "text", text=1)
    at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/ascmagic.c:149
#6  0x000000000061bc5e in file_ascmagic (ms=0x7ffff26f4700, buf=0x7ffff2401000 "123", nbytes=3, text=1) at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/ascmagic.c:92
#7  0x0000000000622565 in file_buffer (ms=0x7ffff26f4700, stream=0x7ffff26ef580, inname=0x0, buf=0x7ffff2401000, nb=3) at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/funcs.c:264
#8  0x00000000006236ad in file_or_stream (ms=0x7ffff26f4700, inname=0x0, stream=0x7ffff26ef580) at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/magic.c:410
#9  0x0000000000623460 in magic_stream (ms=0x7ffff26f4700, stream=0x7ffff26ef580) at /home/vagrant/shared/php-src/ext/fileinfo/libmagic/magic.c:347
#10 0x0000000000614b67 in _php_finfo_get_type (execute_data=0x7ffff3818bd0, return_value=0x7ffff3818a80, mode=2, mimetype_emu=1) at /home/vagrant/shared/php-src/ext/fileinfo/fileinfo.c:549
#11 0x0000000000614db1 in zif_mime_content_type (execute_data=0x7ffff3818bd0, return_value=0x7ffff3818a80) at /home/vagrant/shared/php-src/ext/fileinfo/fileinfo.c:603
#12 0x000000000099e251 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER () at /home/vagrant/shared/php-src/Zend/zend_vm_execute.h:691
#13 0x000000000099d680 in execute_ex (ex=0x7ffff3817fb0) at /home/vagrant/shared/php-src/Zend/zend_vm_execute.h:394
#14 0x0000000000930cd0 in zend_call_function (fci=0x7fffffffab00, fci_cache=0x7fffffffaad0) at /home/vagrant/shared/php-src/Zend/zend_execute_API.c:874
#15 0x0000000000735866 in zim_reflection_method_invokeArgs (execute_data=0x7ffff3817f30, return_value=0x7ffff3817c30) at /home/vagrant/shared/php-src/ext/reflection/php_reflection.c:3044
#16 0x000000000099e86b in ZEND_DO_FCALL_SPEC_HANDLER () at /home/vagrant/shared/php-src/Zend/zend_vm_execute.h:827
#17 0x000000000099d680 in execute_ex (ex=0x7ffff3814030) at /home/vagrant/shared/php-src/Zend/zend_vm_execute.h:394
#18 0x000000000099d7bb in zend_execute (op_array=0x7ffff3881000, return_value=0x0) at /home/vagrant/shared/php-src/Zend/zend_vm_execute.h:434
#19 0x00000000009480e9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/vagrant/shared/php-src/Zend/zend.c:1355
#20 0x00000000008b73ce in php_execute_script (primary_file=0x7fffffffd1c0) at /home/vagrant/shared/php-src/main/main.c:2519
#21 0x0000000000a0450b in do_cli (argc=5, argv=0x1286ac0) at /home/vagrant/shared/php-src/sapi/cli/php_cli.c:967
#22 0x0000000000a056ca in main (argc=5, argv=0x1286ac0) at /home/vagrant/shared/php-src/sapi/cli/php_cli.c:1334

Using PHP from master branch (commit 1646e0e9d7e0ebc4220748ee4a99fdecf74376db).
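
The `length=18446744073709551615` passed to `_estrndup` in frame #1 equals `SIZE_MAX` on a 64-bit build, the value a `size_t` holds when -1 or an underflowing subtraction is stored in it. The C code below is an added example, not code from php-src or libmagic (the page does not show softmagic.c:2017); the helper names and the offset arithmetic are assumptions, chosen to show how such a length can arise from a 3-byte buffer and how a bounds check rejects it before the copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: bytes left in an nbytes-long buffer after `offset`,
 * computed without a check. Unsigned arithmetic wraps when offset > nbytes. */
size_t remaining_unchecked(size_t nbytes, size_t offset)
{
    return nbytes - offset;
}

/* Checked form: fails instead of wrapping. Returns 0 on success, -1 on error. */
int remaining_checked(size_t nbytes, size_t offset, size_t *out)
{
    if (offset > nbytes)
        return -1;
    *out = nbytes - offset;
    return 0;
}

/* Bounded duplicate: copies `want` bytes starting at buf + offset and
 * NUL-terminates them. Returns NULL if the range leaves the buffer. */
char *dup_range(const char *buf, size_t nbytes, size_t offset, size_t want)
{
    size_t avail;
    if (remaining_checked(nbytes, offset, &avail) != 0 || want > avail)
        return NULL;               /* would read past the end of buf */
    char *copy = malloc(want + 1); /* want <= nbytes, so no overflow here */
    if (copy == NULL)
        return NULL;
    memcpy(copy, buf + offset, want);
    copy[want] = '\0';
    return copy;
}

int main(void)
{
    const char buf[] = "123";      /* constructed input: the 3-byte file */
    size_t bad = remaining_unchecked(3, 4);
    printf("unchecked length: %zu\n", bad);
    printf("checked copy with that length: %s\n",
           dup_range(buf, 3, 4, bad) ? "allowed" : "rejected");
    return 0;
}
```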

 [2015-03-30 02:31 UTC] laruence@php.net
-Assigned To: +Assigned To: ab
 [2015-03-30 02:31 UTC] laruence@php.net
we have multiple similar issues reported about this...
 [2015-03-30 09:53 UTC] ab@php.net
-Status: Assigned +Status: Duplicate
 [2015-03-30 09:53 UTC] ab@php.net
@jrbasso, this has been fixed with bug #69320, please check. The point with 1 byte is not relevant here, but the crash.

Thanks.
 [2015-03-30 13:52 UTC] jrbasso at gmail dot com
@ab This is working fine now. Thanks.

I mentioned the 1 byte just to be clear that the issue wasn't with less than 4 chars, but only 2 and 3. Sorry if I didn't make it clear.
 