php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71385 require* and include* do not detect input/output error
Submitted: 2016-01-16 00:06 UTC Modified: 2023-08-27 18:01 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: salsi at icosaedro dot it Assigned: bukka (profile)
Status: Closed Package: Streams related
PHP Version: master-Git-2016-01-16 (Git) OS: Slackware 14.1
Private report: No CVE-ID: None
 [2016-01-16 00:06 UTC] salsi at icosaedro dot it
Description:
------------
Possibly related: fread() does not detect file access error (https://bugs.php.net/bug.php?id=71384).

Trying to include an unreadable file, the require* and include* family of statements do not to detect the problem; no error nor exception whatsoever.

The simplest way to simulate an unreadable file on Linux is to read /proc/self/mem, a file that can be successfully opened but cannot be read from the very beginning (credits for this trick: http://unix.stackexchange.com/a/6302):

	$ cat /proc/self/mem
	cat: /proc/self/mem: Input/output error

A simple test made with gcc C confirms that fopen() succeeds while fread() gives input/output error.

Under PHP, instead, no errors are detected, and that file can be "required", as the following test script proves. Since "requiring" a file means that the code that follows depends on it, there might be also safety and security profiles involved.



Test script:
---------------
<?php
echo "PHP version: ", PHP_VERSION, "\n";
// set safe test environment:
error_reporting(-1);
ini_set("track_errors", "1");

// maps errors to ErrorException:
function my_error_handler($errno, $message) {
	throw new ErrorException($message);
}
set_error_handler("my_error_handler");

define("UNREADABLE", "/proc/self/mem");
require UNREADABLE;
//require_once UNREADABLE;
//include UNREADABLE;
//include_once UNREADABLE;

echo "Just testing if error detection is still on:\n";
require "this file does not exist!";
?>

Expected result:
----------------
PHP version: 7.1.0-dev
(exception on the first fread() telling the file is unreadable)

Actual result:
--------------
PHP version: 7.1.0-dev
Just testing if error detection is still on:
PHP Warning:  Uncaught ErrorException: require(this file does not exist!): failed to open stream: No such file or directory in /home/salsi/src/phplint/bug-require-unreadable-file.php:9
Stack trace:
#0 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): my_error_handler(2, 'require(this fi...', '/home/salsi/src...', 20, Array)
#1 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): require()
#2 {main}
  thrown in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 9
Warning: Uncaught ErrorException: require(this file does not exist!): failed to open stream: No such file or directory in /home/salsi/src/phplint/bug-require-unreadable-file.php:9
Stack trace:
#0 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): my_error_handler(2, 'require(this fi...', '/home/salsi/src...', 20, Array)
#1 /home/salsi/src/phplint/bug-require-unreadable-file.php(20): require()
#2 {main}
  thrown in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 9
PHP Fatal error:  main(): Failed opening required 'this file does not exist!' (include_path='.') in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 20
Fatal error: main(): Failed opening required 'this file does not exist!' (include_path='.') in /home/salsi/src/phplint/bug-require-unreadable-file.php on line 20

(puzzled by this error message displayed twice, but this is not the subject of this issue anyway, any suggestion appreciated :-)



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2022-10-05 17:45 UTC] bukka@php.net
-Package: Streams related +Package: *Directory/Filesystem functions
 [2022-10-05 17:45 UTC] bukka@php.net
This is not related to streams as require is not using them.
 [2022-10-05 17:53 UTC] bukka@php.net
-Package: *Directory/Filesystem functions +Package: Streams related
 [2022-10-05 17:53 UTC] bukka@php.net
Sorry it actually does as it uses php_fopen_wrapper_for_zend which uses php_stream_open_wrapper_as_file ...
 [2023-08-27 18:01 UTC] bukka@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: bukka
 [2023-08-27 18:01 UTC] bukka@php.net
I just tested this and it seems to be fixed. Got probably fixed at the same time like https://bugs.php.net/bug.php?id=71384 but didn't get closed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 05:01:29 2024 UTC