go to bug id or search bugs for
The php_stream_statbuf that is used in the filepath stat functions is uninitialized in function 'php_stat' (ext\standard\filestat.c). This can result in random st_mode values, when calling lstat on a NTFS junction.
The 'php_sys_stat_ex' function (zend\zend_virtual_cwd.c) sets the st_mode for everything except a junction, so the uninitialized value is returned.
The test script below just illustrates that it is uninitialized by using a debug build. On release builds the script will show the 'expected' mode value of 0, but when used in more complex scenarios (like a test suite) different values can be returned for junctions.
For example, from my error log, while trying to track this down:
[31-Jan-2019 21:52:39 UTC] PHP 7.3.1
[31-Jan-2019 21:52:39 UTC] mode: 53467, composer-test-27485c536e26d95fa/junction
[31-Jan-2019 21:52:39 UTC] mode: 1508, composer-test-27485c536e26d95fa/junction
[31-Jan-2019 21:52:39 UTC] mode: 18252, composer-test-27485c536e26d95fa/junction
Of course, since there is no S_IFJUNC, it is hard to know what the 'expected' st_mode value should be. However Composer uses it to check for a junction (if it is a directory, not a link and not S_ISDIR from lstat's st_mode) and our tests are sometimes now failing on PHP 7.3
Create a junction: mkdir /J path/to/junction path/to/target
Compile php with --enable-debug
Run: php.exe -r "print_r(lstat('path/to/junction'));"
[mode] => 0
[mode] => 52428
Add a Patch
Add a Pull Request
The following pull request has been associated:
Patch Name: Fix #77552: Uninitialized buffer in stat functions
On GitHub: https://github.com/php/php-src/pull/3784
Automatic comment on behalf of firstname.lastname@example.org
Log: Fix #77552: Uninitialized buffer in stat functions