Bug #77552 Uninitialized php_stream_statbuf in stat functions
Submitted: 2019-01-31 22:19 UTC
Modified: -
From: john-stevenson at blueyonder dot co dot uk
Assigned:
Status: Closed
Package: Filesystem function related
PHP Version: 7.3.1
OS: Windows 10
Private report: No
CVE-ID: None
 [2019-01-31 22:19 UTC] john-stevenson at blueyonder dot co dot uk
Description:
------------
The php_stream_statbuf that is used in the filepath stat functions is uninitialized in function 'php_stat' (ext\standard\filestat.c). This can result in random st_mode values when calling lstat on an NTFS junction.

The 'php_sys_stat_ex' function (zend\zend_virtual_cwd.c) sets the st_mode for everything except a junction, so the uninitialized value is returned.

The test script below just illustrates that it is uninitialized by using a debug build. On release builds the script will show the 'expected' mode value of 0, but when used in more complex scenarios (like a test suite) different values can be returned for junctions.

For example, from my error log, while trying to track this down: 
[31-Jan-2019 21:52:39 UTC] PHP 7.3.1
[31-Jan-2019 21:52:39 UTC] mode: 53467, composer-test-27485c536e26d95fa/junction
[31-Jan-2019 21:52:39 UTC] mode: 1508, composer-test-27485c536e26d95fa/junction
[31-Jan-2019 21:52:39 UTC] mode: 18252, composer-test-27485c536e26d95fa/junction 

Of course, since there is no S_IFJUNC, it is hard to know what the 'expected' st_mode value should be. However, Composer uses it to check for a junction (if it is a directory, not a link and not S_ISDIR from lstat's st_mode) and our tests are sometimes now failing on PHP 7.3.


 

Test script:
---------------
Create a junction: mklink /J path/to/junction path/to/target

Compile php with --enable-debug

Run: php.exe -r "print_r(lstat('path/to/junction'));"

Expected result:
----------------
...
[mode] => 0
...

Actual result:
--------------
...
[mode] => 52428
...
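
The failure mode described in this report, as an added example (not code from php-src or Composer): a filler that skips st_mode for junctions hands back whatever the caller's buffer held, and a junction test of the kind the report describes flips when those stale bits happen to read as a directory. The names model_stat_ex, model_lstat_mode and looks_like_junction are hypothetical, stale stack contents are simulated with a parameter, and zeroing the buffer is assumed as one mitigation rather than taken from the committed fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODE_IFMT  0xF000u   /* file-type bits of st_mode */
#define MODE_IFDIR 0x4000u
#define MODE_IFREG 0x8000u

enum kind { KIND_FILE, KIND_DIR, KIND_JUNCTION };
struct statbuf { uint16_t st_mode; };   /* modelled as a 16-bit mode field */

/* Model of the filler: writes st_mode for everything except a junction. */
static void model_stat_ex(enum kind k, struct statbuf *sb) {
    if (k == KIND_FILE) sb->st_mode = (uint16_t)(MODE_IFREG | 0644);
    else if (k == KIND_DIR) sb->st_mode = (uint16_t)(MODE_IFDIR | 0755);
    /* KIND_JUNCTION: st_mode is left exactly as the caller passed it in */
}

/* Model of the caller. `stale` is a deterministic stand-in for whatever
 * the stack held; zero_init selects the defensive variant. */
uint16_t model_lstat_mode(enum kind k, uint16_t stale, int zero_init) {
    struct statbuf sb;
    sb.st_mode = stale;
    if (zero_init) memset(&sb, 0, sizeof sb);
    model_stat_ex(k, &sb);
    return sb.st_mode;
}

/* Junction test as described in the report: a directory, not a link,
 * and not S_ISDIR according to lstat's st_mode. */
int looks_like_junction(int is_dir, int is_link, uint16_t mode) {
    return is_dir && !is_link && (mode & MODE_IFMT) != MODE_IFDIR;
}

int main(void) {
    /* Values quoted in the report: 52428 is 0xCCCC, 18252 is 0x474C. */
    const uint16_t seen[] = { 52428, 53467, 1508, 18252 };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        uint16_t raw = model_lstat_mode(KIND_JUNCTION, seen[i], 0);
        uint16_t fixed = model_lstat_mode(KIND_JUNCTION, seen[i], 1);
        printf("stale=%5u  unfixed: mode=0x%04X junction=%d  zeroed: mode=%u junction=%d\n",
               (unsigned)seen[i], (unsigned)raw, looks_like_junction(1, 0, raw),
               (unsigned)fixed, looks_like_junction(1, 0, fixed));
    }
    return 0;
}
```

Of the four mode values quoted in the report, only 18252 carries the directory type bits, which matches the intermittent nature of the test failures.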

 [2019-02-02 11:18 UTC]
The following pull request has been associated:

Patch Name: Fix #77552: Uninitialized buffer in stat functions
On GitHub:  https://github.com/php/php-src/pull/3784
Patch:      https://github.com/php/php-src/pull/3784.patch
 [2019-02-11 10:34 UTC] nikic@php.net
Automatic comment on behalf of john-stevenson@blueyonder.co.uk
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fe4d7248cc09cf4d4f7b289e6db8299e8d7ac6d2
Log: Fix #77552: Uninitialized buffer in stat functions
 [2019-02-11 10:34 UTC] nikic@php.net
-Status: Open +Status: Closed
Last updated: Thu May 23 09:01:32 2019 UTC