ID:               46071
 Updated by:       [EMAIL PROTECTED]
-Summary:          finfo_open() segfaults with wrong file name in BSD
 Reported By:      [EMAIL PROTECTED]
-Status:           Assigned
+Status:           Closed
 Bug Type:         Filesystem function related
 Operating System: FreeBSD6
 PHP Version:      5.3CVS-2008-09-13 (CVS)
 Assigned To:      derick
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------

[2008-09-14 03:27:03] [EMAIL PROTECTED]

Ok, I found the problem.

Index: ext/fileinfo/libmagic/apprentice.c
===================================================================
RCS file: /repository/php-src/ext/fileinfo/libmagic/apprentice.c,v
retrieving revision 1.7.2.5
diff -u -p -r1.7.2.5 apprentice.c
--- ext/fileinfo/libmagic/apprentice.c  2 Sep 2008 12:43:24 -0000      
1.7.2.5
+++ ext/fileinfo/libmagic/apprentice.c  14 Sep 2008 03:23:45 -0000
@@ -1901,7 +1901,7 @@ internal_loaded:
        ptr = (uint32_t *)(void *)*magicp;
        if (*ptr != MAGICNO) {
                if (swap4(*ptr) != MAGICNO) {
-                       file_error(ms, 0, "bad magic in `%s'");
+                       file_error(ms, 0, "bad magic in `%s'",
dbname);
                        goto error1;
                }
                needsbyteswap = 1;
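Review bot: on the changed file_error() line, confirm that dbname is always set and non-NULL by the time control reaches internal_loaded:, because the %s conversion will hand it straight to the formatter, and the reported backtrace already shows strlen() faulting under vspprintf() when that argument is garbage. The same "format has %s, call has no argument" mismatch may exist in other file_error() calls in apprentice.c, so it is worth checking them in the same commit. Declaring file_error() with a printf-style format attribute would let the compiler flag this class of mistake. A regression test using the reporter's call, finfo_open(NULL, PHP_INT_MAX), would keep it from coming back.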


Derick, can I commit it, or will you?

------------------------------------------------------------------------

[2008-09-13 21:49:12] [EMAIL PROTECTED]

I can't reproduce this on Linux.
Looking at the code, it shouldn't even get to that point as it calls
realpath() first and does not continue if the file did resolve right.
This might mean there is a YARWOB (yet another realpath() weirdness on
FreeBSD), but I guess you'll have to figure it out yourself as I don't
have any FBSD machines around.

------------------------------------------------------------------------

[2008-09-13 20:30:24] [EMAIL PROTECTED]

Description:
------------
See below.

Reproduce code:
---------------
Starting program: /usr/home/felipe/php5/sapi/cli/php -r 'print
finfo_open(NULL, PHP_INT_MAX);'
warning: Unable to get location for thread creation breakpoint: generic
error
[New LWP 100130]
[New Thread 0xbad000 (LWP 100130)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xbad000 (LWP 100130)]
0x0000000801cd2520 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x0000000801cd2520 in strlen () from /lib/libc.so.6
#1  0x0000000000672713 in vspprintf (pbuf=0x7fffffffdb98, max_len=0,
format=0x7fffffffdc08 "", ap=0x7fffffffdbd0)
    at /usr/home/felipe/php5/main/spprintf.c:564
#2  0x00000000004ba7a3 in file_error_core (ms=0xbd64c8, error=0,
f=0x9713b4 "bad magic in `%s'", va=0x7fffffffdbd0, lineno=0)
    at /usr/home/felipe/php5/ext/fileinfo/libmagic/funcs.c:96
#3  0x00000000004ba904 in file_error (ms=0x400, error=5128,
f=0x7fffffffdc08 "") at
/usr/home/felipe/php5/ext/fileinfo/libmagic/funcs.c:119
#4  0x00000000004b9127 in apprentice_1 (ms=0xbd64c8, fn=0xbd6610
"/usr/home/felipe/php5/9223372036854775807", action=0, mlist=0xbd6650)
    at /usr/home/felipe/php5/ext/fileinfo/libmagic/apprentice.c:1904
#5  0x00000000004b926d in file_apprentice (ms=0xbd64c8, fn=0x0,
action=0) at
/usr/home/felipe/php5/ext/fileinfo/libmagic/apprentice.c:336
#6  0x00000000004bb078 in magic_load (ms=0xbd64c8, magicfile=0x1408
<Error reading address 0x1408: Bad address>)
    at /usr/home/felipe/php5/ext/fileinfo/libmagic/magic.c:192
#7  0x00000000004b5f3f in zif_finfo_open (ht=1024,
return_value=0xbd5640, return_value_ptr=0x7fffffffdc08, this_ptr=0x0,
return_value_used=12,
    tsrm_ls=0xba4640) at
/usr/home/felipe/php5/ext/fileinfo/fileinfo.c:351
#8  0x00000000006ed5a5 in zend_do_fcall_common_helper_SPEC
(execute_data=0xef5040, tsrm_ls=0xba4640) at zend_vm_execute.h:315
#9  0x00000000006ec792 in execute (op_array=0xbd5d70, tsrm_ls=0xba4640)
at zend_vm_execute.h:104
#10 0x00000000006bb866 in zend_eval_string (str=0xbd5d70
"\004]&#65533;", retval_ptr=0x0, string_name=0x0, tsrm_ls=0xba4640)
    at /usr/home/felipe/php5/Zend/zend_execute_API.c:1118
#11 0x00000000006bba1b in zend_eval_string_ex (str=0x400 <Error reading
address 0x400: Bad address>, retval_ptr=0x1408,
    string_name=0x7fffffffdc08 "", handle_exceptions=1,
tsrm_ls=0xba4640) at /usr/home/felipe/php5/Zend/zend_execute_API.c:1153
#12 0x000000000076c00f in main (argc=3, argv=0x7fffffffe878) at
/usr/home/felipe/php5/sapi/cli/php_cli.c:1219




------------------------------------------------------------------------

