php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74481 segfault getimagesize using zip:// stream
Submitted: 2017-04-20 14:40 UTC Modified: 2018-06-24 13:54 UTC
Votes:7
Avg. Score:5.0 ± 0.0
Reproduced:6 of 6 (100.0%)
Same Version:1 (16.7%)
Same OS:2 (33.3%)
From: sergey dot kudich at gmail dot com Assigned: cmb (profile)
Status: Closed Package: GetImageSize related
PHP Version: 7.0.18 OS: Ceontos 7
Private report: No CVE-ID: None
 [2017-04-20 14:40 UTC] sergey dot kudich at gmail dot com
Description:
------------
Segmentation Fault if we try getimagesize on zip:// strem

All was ok on php 7.0.16, this is related to phpoffice/phpexcel library

example - just try any file to open, we tried to get image from excel file so putting here example for it
getimagesize('zip:///home/user/workbook.xlsx#xl/media/image1.gif');

If we trying to open this file via fopen
$h = fopen('zip:///home/user/workbook.xlsx#xl/media/image1.gif', 'br');

PHP Warning:  fopen(zip:///home/user/workbook.xlsx#xl/media/image1.gif): failed to open stream: operation failed in ...

Same time file_get_contents working well


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-20 14:50 UTC] danack@php.net
-Status: Open +Status: Feedback
 [2017-04-20 14:50 UTC] danack@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2017-04-25 11:33 UTC] info at team-grasshopper dot info
It is the same problem as php 5.6, so I will send a core dump.

#0  0x000000000059dafc in php_stream_context_get_option (context=0x0, wrappername=0x7f5c5d3e8ce3 "zip", 
    optionname=0x7f5c5d3e987a "password", optionvalue=0x7fffb7bd4d30) at /usr/src/debug/php-5.6.30/main/streams/streams.c:2227
#1  0x00007f5c5d3e89e6 in php_stream_zip_opener () from /opt/remi/php56/root/usr/lib64/php/modules/zip.so
#2  0x000000000059f793 in _php_stream_open_wrapper_ex (
    path=0x7f5c6def5258 "zip:///home/quotation_invoice/dev/qi/aaa/quotation_000.xlsx#xl/media/image11.wmf", mode=0x6dce67 "rb", 
    options=24, opened_path=0x0, context=0x0) at /usr/src/debug/php-5.6.30/main/streams/streams.c:2059
#3  0x0000000000544253 in php_getimagesize_from_any (ht=1, return_value=0x7f5c6def4160, return_value_ptr=<value optimized out>, 
    this_ptr=<value optimized out>, return_value_used=<value optimized out>, mode=1)
    at /usr/src/debug/php-5.6.30/ext/standard/image.c:1408
#4  0x00000000005d9479 in dtrace_execute_internal (execute_data_ptr=<value optimized out>, fci=<value optimized out>, 
    return_value_used=<value optimized out>) at /usr/src/debug/php-5.6.30/Zend/zend_dtrace.c:97
#5  0x00000000006689d5 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>)
    at /usr/src/debug/php-5.6.30/Zend/zend_vm_execute.h:560
#6  0x00000000006584a8 in execute_ex (execute_data=0x7f5c6dec0238) at /usr/src/debug/php-5.6.30/Zend/zend_vm_execute.h:363
#7  0x00000000005d95ae in dtrace_execute_ex (execute_data=0x7f5c6dec0238) at /usr/src/debug/php-5.6.30/Zend/zend_dtrace.c:73
#8  0x00000000005e8d5c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/debug/php-5.6.30/Zend/zend.c:1341
#9  0x000000000058690a in php_execute_script (primary_file=0x7fffb7bd8730) at /usr/src/debug/php-5.6.30/main/main.c:2613
#10 0x0000000000690b76 in do_cli (argc=2, argv=0x2636c90) at /usr/src/debug/php-5.6.30/sapi/cli/php_cli.c:998
#11 0x0000000000691308 in main (argc=2, argv=0x2636c90) at /usr/src/debug/php-5.6.30/sapi/cli/php_cli.c:1382
 [2017-04-30 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2017-04-30 07:17 UTC] requinix@php.net
-Status: No Feedback +Status: Open
 [2017-05-11 15:33 UTC] d dot sharyk at gmail dot com
Hot fix  for phpexel.

in file

PHPExcel/Writer/Excel2007/ContentTypes.php


method

getImageMimeType

changed for me to:

private function getImageMimeType($pFile = '') {
        if (PHPExcel_Shared_File::file_exists($pFile)) {
            $image = mime_content_type($pFile);
            $imageType = 0;
            for ($imageType = 0; $imageType <= 16; $imageType++) {
                if ($image == image_type_to_mime_type($imageType)) {
                    break;
                }
            }
            return image_type_to_mime_type($imageType);
        }
        else {
            throw new PHPExcel_Writer_Exception("File $pFile does not exist");
        }
}
 [2017-05-11 16:53 UTC] sergey dot kudich at gmail dot com
I used a little bit different hot fix in same file

	private function _getImageMimeType($pFile = '')
	{
		if (PHPExcel_Shared_File::file_exists($pFile)) {
		    $image = getimagesizefromstring(file_get_contents($pFile));
			//$image = getimagesize($pFile);
			return image_type_to_mime_type($image[2]);
		} else {
			throw new PHPExcel_Writer_Exception("File $pFile does not exist");
		}
	}
 [2018-06-24 13:54 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2018-06-24 13:54 UTC] cmb@php.net
This issue has been fixed with commit 2458dce[1] (ext/zip) and
commit 65e236a[2] (PECL/zip), respectivly.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=2458dce3e5bff026e91e42f292ca7bc0e2b2731c>
[2] <https://github.com/pierrejoye/php_zip/commit/65e236ae63381c5d8fda35c620d7048313928d50>
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Dec 03 23:05:52 2022 UTC