php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #75379 Warning: finfo_file(): Null byte in regex in /root/php-src/bug/1.php on line 4
Submitted: 2017-10-15 08:09 UTC Modified: 2017-10-15 09:22 UTC
Votes:8
Avg. Score:4.2 ± 0.8
Reproduced:7 of 8 (87.5%)
Same Version:3 (42.9%)
Same OS:1 (14.3%)
From: chipitsine at gmail dot com Assigned:
Status: Open Package: *General Issues
PHP Version: Irrelevant OS: centos 7
Private report: No CVE-ID: None
View Developer Edit
 [2017-10-15 08:09 UTC] chipitsine at gmail dot com 
Description:
------------
when analyzing malware samples from VirusShare, I encountered a sample that fails on finfo_file

it's VirusShare_01ff33de3e8bdded777bdcabe1c983c1

I do not know how to upload it here

Test script:
---------------
$finfo = finfo_open(FILEINFO_MIME);
$type = finfo_file($finfo, __DIR__.'/VirusShare_01ff33de3e8bdded777bdcabe1c983c1');

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-15 08:11 UTC] chipitsine at gmail dot com 
if someone wishes to get VirusShare_01ff33de3e8bdded777bdcabe1c983c1, please contact me, I'll provide
 [2017-10-15 08:13 UTC] chipitsine at gmail dot com 
full error message:

Warning: finfo_file(): Null byte in regex in /root/php-src/bug/1.php on line 4

Warning: finfo_file(): Failed identify data 0:(null) in /root/php-src/bug/1.php on line 4
 [2017-10-15 08:51 UTC] spam2 at rhsoft dot net 
how do you come to the crazy conclusion PHP version is irrelevant, you can't upload it here but you need to find a way upload it *somewhere* and place a link here - without reproducer and exact version no way to fix

if you are using the php shipped with RHEL you are completely wrong here because that's a no longer upstream maintained 5.4 and hence the redhat bugzilla.redhat.com is your friend
 [2017-10-15 09:22 UTC] chipitsine at gmail dot com 
I reproduced in master from https://github.com/php/php-src
it is 7.2-git-master, but I couldn't figure out how to choose that version in dropdown box

https://yadi.sk/d/F-bwoBFL3Nm6hS - password 'infected' (be careful, it's a malware sample for android)
 [2019-11-14 18:00 UTC] bugzilla at shnoulle dot net 
Can reproduce with a simple file (Tab separated value) file
With fedora/Linux PHP Version 7.3.11

File was in https://bugs.limesurvey.org/view.php?id=15565

vvexport_151625-1.csv
 [2020-04-02 21:03 UTC] max at ytmnd dot com 
I'm seeing "finfo::file(): Null byte in regex" multiple times daily with a variety of files being uploaded by users. Would love if anyone has a solution to this.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 13:01:31 2024 UTC