|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75379 Warning: finfo_file(): Null byte in regex in /root/php-src/bug/1.php on line 4
Submitted: 2017-10-15 08:09 UTC Modified: 2017-10-15 09:22 UTC
Avg. Score:4.2 ± 0.8
Reproduced:7 of 8 (87.5%)
Same Version:3 (42.9%)
Same OS:1 (14.3%)
From: chipitsine at gmail dot com Assigned:
Status: Open Package: *General Issues
PHP Version: Irrelevant OS: centos 7
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: chipitsine at gmail dot com
New email:
PHP Version: OS:


 [2017-10-15 08:09 UTC] chipitsine at gmail dot com
when analyzing malware samples from VirusShare, I encountered a sample that fails on finfo_file

it's VirusShare_01ff33de3e8bdded777bdcabe1c983c1

I do not know how to upload it here

Test script:
$finfo = finfo_open(FILEINFO_MIME);
$type = finfo_file($finfo, __DIR__.'/VirusShare_01ff33de3e8bdded777bdcabe1c983c1');


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-15 08:11 UTC] chipitsine at gmail dot com
if someone wishes to get VirusShare_01ff33de3e8bdded777bdcabe1c983c1, please contact me, I'll provide
 [2017-10-15 08:13 UTC] chipitsine at gmail dot com
full error message:

Warning: finfo_file(): Null byte in regex in /root/php-src/bug/1.php on line 4

Warning: finfo_file(): Failed identify data 0:(null) in /root/php-src/bug/1.php on line 4
 [2017-10-15 08:51 UTC] spam2 at rhsoft dot net
how do you come to the crazy conclusion PHP version is irrelevant, you can't upload it here but you need to find a way upload it *somewhere* and place a link here - without reproducer and exact version no way to fix

if you are using the php shipped with RHEL you are completely wrong here because that's a no longer upstream maintained 5.4 and hence the redhat is your friend
 [2017-10-15 09:22 UTC] chipitsine at gmail dot com
I reproduced in master from
it is 7.2-git-master, but I couldn't figure out how to choose that version in dropdown box - password 'infected' (be careful, it's a malware sample for android)
 [2019-11-14 18:00 UTC] bugzilla at shnoulle dot net
Can reproduce with a simple file (Tab separated value) file
With fedora/Linux PHP Version 7.3.11

File was in

 [2020-04-02 21:03 UTC] max at ytmnd dot com
I'm seeing "finfo::file(): Null byte in regex" multiple times daily with a variety of files being uploaded by users. Would love if anyone has a solution to this.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 17 07:01:30 2024 UTC