php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #71385 require* and include* do not detect input/output error
Submitted: 2016-01-16 00:06 UTC Modified: -
From: salsi at icosaedro dot it Assigned:
Status: Open Package: Streams related
PHP Version: master-Git-2016-01-16 (Git) OS: Slackware 14.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-01-16 00:06 UTC] salsi at icosaedro dot it 
Description:
------------
Possibly related: fread() does not detect file access error (https://bugs.php.net/bug.php?id=71384).

Trying to include an unreadable file, the require* and include* family of statements do not to detect the problem; no error nor exception whatsoever.

The simplest way to simulate an unreadable file on Linux is to read /proc/self/mem, a file that can be successfully opened but cannot be read from the very beginning (credits for this trick: http://unix.stackexchange.com/a/6302):

	$ cat /proc/self/mem
	cat: /proc/self/mem: Input/output error

A simple test made with gcc C confirms that fopen() succeeds while fread() gives input/output error.

Under PHP, instead, no errors are detected, and that file can be "required", as the following test script proves. Since "requiring" a file means that the code that follows depends on it, there might be also safety and security profiles involved.



Test script:
---------------
<?php
echo "PHP version: ", PHP_VERSION, "\n";
// set safe test environment:
error_reporting(-1);
ini_set("track_errors", "1");

// maps errors to ErrorException:
function my_error_handler($errno, $message) {
	throw new ErrorException($message);
}
set_error_handler("my_error_handler");

define("UNREADABLE", "/proc/self/mem");
require UNREADABLE;
//require_once UNREADABLE;
//include UNREADABLE;
//include_once UNREADABLE;

echo "Just testing if error detection is still on:\n";
require "this file does not exist!";
?>

Expected result:
----------------
PHP version: 7.1.0-dev
(exception on the first fread() telling the file is unreadable)

Actual result:
--------------
PHP version: 7.1.0-dev
Just testing if error detection is still on:
PHP Warning:  Uncaught ErrorException: require(this file does not exist!): failed to open stream: No such file or directory in /home/salsi/src/phplint/bug-require-unreadable-file.php:9
Stack trace:
#0 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): my_error_handler(2, 'require(this fi...', '/home/salsi/src...', 20, Array)
#1 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): require()
#2 {main}
  thrown in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 9
Warning: Uncaught ErrorException: require(this file does not exist!): failed to open stream: No such file or directory in /home/salsi/src/phplint/bug-require-unreadable-file.php:9
Stack trace:
#0 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): my_error_handler(2, 'require(this fi...', '/home/salsi/src...', 20, Array)
#1 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): require()
#2 {main}
  thrown in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 9
PHP Fatal error:  main(): Failed opening required 'this file does not exist!' (include_path='.') in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 20
Fatal error: main(): Failed opening required 'this file does not exist!' (include_path='.') in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 20

(puzzled by this error message displayed twice, but this is not the subject of this issue anyway, any suggestion appreciated :-)

Patches

Add a Patch

Pull Requests

Add a Pull Request
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved. 		Last updated: Tue Jul 07 10:01:25 2020 UTC