From 816b4c1235d70b1b83d26c415f044fc04a48875f Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Mon, 29 Jun 2020 16:10:33 +0200 Subject: [PATCH] Fix #79756: finfo_file crash (FILEINFO_MIME) If `ctime` or `asctime` return `NULL`, we must not attempt to copy the buffer, but rather return `NULL` as well. --- NEWS | 3 +++ ext/fileinfo/tests/bug79756.phpt | 16 ++++++++++++++++ ext/fileinfo/tests/bug79756.xls | Bin 0 -> 10752 bytes main/reentrancy.c | 14 ++++++++++---- 4 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 ext/fileinfo/tests/bug79756.phpt create mode 100644 ext/fileinfo/tests/bug79756.xls diff --git a/NEWS b/NEWS index c5051c26a4..5ba6019106 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,9 @@ PHP NEWS . Fixed bug #79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties). (Nikita) +- Fileinfo: + . Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb) + - FTP: . Fixed bug #55857 (ftp_size on large files). (cmb) diff --git a/ext/fileinfo/tests/bug79756.phpt b/ext/fileinfo/tests/bug79756.phpt new file mode 100644 index 0000000000..4aeeb2a266 --- /dev/null +++ b/ext/fileinfo/tests/bug79756.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #79756 (finfo_file crash (FILEINFO_MIME)) +--SKIPIF-- + +--FILE-- + +--EXPECT-- +application/vnd.ms-excel; charset=binary diff --git a/ext/fileinfo/tests/bug79756.xls b/ext/fileinfo/tests/bug79756.xls new file mode 100644 index 0000000000000000000000000000000000000000..4087523cf7cfea5ccd534f2931fa1087a9e219ea GIT binary patch literal 10752 zcmeHNZ){sv6+h2*94Bd7C+$Ypvh<}{nzT*Zv>Bsp9d){fu47HNHtqN@#GLp!d9`Cl zwv%=dFb~#mR2mF*3Yr9iGQ=jq7*auE+EPGbLIK9a5U?*D64IvbL&iXCXsh}C&b8}j zCs`91f=#_I_r3ehzkANP=bn4-i=Y2Z)A>h#u;yi{DmRH=E*9z}=z&{kH<#YSA}i1) z>|&u%D1p(uQr<@%c&DhV9|IUbtwH6O*P@0{>rm@a8&H>_Hli*^<(RWJ727L|&-an( zS5$=u4oMnUPHgFu6rLHm7bCg&ay25x>&V4$dh^9%=r2cerT?-AF6S%az5cHYA(01b zVHb_>-D}IcT0YxJbzNic3C6Ofxd9x zgIvhaS&h|;Ip9iEl2U~Q!Fz{osp_}Zx<&hRWl;OyE-gZx3imxt7og5Z5mAbg?(dJl%+&23ck3J@(K)8={@f&CjlTc3lY`QaIA=&ejTenLgZ{_t4iXy)DvN zN#9VG-{h5V=v96N+#|nf0r?g5#@;5eb~RVQA2Z|L)mjDT6uk!Y;R^Z2Ug*#LqZZ?z zvixfLlAOwZJ@&SG?QK9pumtvgw$;D`jZK{IW%_Wd*Iq+!izF-QLn;U3UNycUx3}NGhK~@y^VG6<%j22n3mVhY(|F`% zYN{YpJ#moE$PDP?xC($v9Pcv}2$guTsq$2U$^byXqbx>k59?z)29Ul(lZ4>5B^Z6v;x*MCA)U*l6!P3a1z^zZ9LaVP!5kc zPHsCPN3Zrkb`bK)hdhv;FG)abT<5G1s>r}8OD@PU9*SoNNhrbDPCgJ70X%rXVg;#I zt}1MoU_H_>%ft1vm^LA~-@?HwG;Kw2k4Vewh<0wlLJ$^$8liuPgx{7ve=FcN>N=4< zeftg_9N6E#&pw>XI8I{1$v7!@*i8-FJG!^u&>_+vjgH!7@QwCu{Rix5Jmw@x)SJp3 zcQRv6>RTdv-JCs|2Erb8lChlaq!MUPq|+HY?zq_hxyKTYN0gJ=T7Pu%ct;jA$zdmD zk2oa(6Va4C=nQAlId(FcjwZ8qdJJNn;g}tx#26$^9^Z1@$qhRbBm)1SGnvj%Pz;(x zAp%6v*r=Owv$;$(=Q>+4sgCR)*w=fsuOF`3-~Y*j2M!PP^~0TgM-Cwg4>}miOd_4l zQCu{YxJD!m;|J4Df}PNqLHC$rAB#paINj#lW3lYeNXCulF!D(^M$5svjULKGhejX= z2uPT8QZY*KaA45U&v=Te4?}{J!g)BB8Bf5Y2|JohI+>AZD&}D5vg3nUH|9E7`)Cs5 zk%fnkJJ}o}69z|NAFZ>K4*K3gabx3yN!Lkahn&Yi#*;4g)MDa#vnMjZ#6 z^Gza&XetN$iq_Y6V#J(yI-TmW$Ka4j2exIqY$rFg5rIX;GLC&o5RUsJ-`H#%N;E{{i4Di(EEl<{IBfp@U%NGwP$y4^t2z9_4srXgA@ywPr9rwtKsZD_&dM5 z^t9v%Fd_Mznk~}4&X~$~a-D6|6sUL~wYawY?nmA_yR7^kV2-OTzt>=g{!*y?9z*-zG#@$k1*q8A@OFo|r?JG~zAG5;}-HqyPIU7;}M&wxC|$0ZmE0&-IYj5#(S zoA{7Ok(VF3@F}Z;E(l0Kj#t1CPIF+4j)0t3x@ikz1N{&^b70iHnvNgRs$mSffP7VL zE6L-6R1KqFs(JYlwi-rnRl^YYb6{L=0`l7mJCL~M&@m!Q@=E?=tkhTend2F%f?;~k zfgu~rfgwGkkIHddGY@QS73>}TJSoC{M4r)Dw(!QwFT~Qk)p{qEk-b_kKdAXhK(L23 zm!W5vtWh}W{h(i?m%%bd)&h!v^D(L|Y#-T65FFRSf)d=113W1hKkJmD7PPj0U^Q?b z&MxGvg|zhw=Nn_I4bntDkBk!n&vo)^ycwKN+Et>#`GKSU#4-Nbl$*FZ8?Yu8W3 z21mYcB2bBAtarliraz9yb@J0smvH1`LPDi|CUdFlp(qk3)n*@3tf z$`=QWd|U)NGBhAkR~>Y|TK%;FO9AmaaP{D-RSdm#Jun}^MX1404W^eHFd1ptD!f^E z<5i~O#HWwQ& &`l1Y>B-(#HCbBVaEhKHw0Hin9!dS!0^xqB|sY+iP=7Dw01M94U z{RQcOiG+pehY5@eE|ZR5Qx~7F$sLTh*;@g{hGUkALo+#8SBQVM8}BP5pob7k>Sh^# z)x{_E%E#`wAb#A}EN6r4JK`a|mh!IB++tz4&niv@cheuL&4Q^^N-n}lr& zGXP3)n_^yg_l}6|9T7Nc$s+=uOCzFPMD%WMIwGd2LyqQ^5xLBWbbChxtI(211U&EM zhV2?c~1+u`QWyNaBdp-yiz`x9<~eHvqq@(Hef2i&1d zI-8E??7kC2_y+W`k8T-=4&vnQXqfDA<8kwyP+69KL;RUem(Hpj7qRB>fLmP{*XK`u z{jYBw90@=1<&bRd_~9S9B8GwBj*<8=RC1m`<=XlHD(Aq1sGJ99P&pT#MCE*V8kK9_ zbEupbzeD9}cOI47;nz^Py?ql^k8efeUVTS&55YcJxS#O0$$R^~nW){HoN%&p@m|`6 z+O%T_Y6Mjxr%&DXc+j+uJoSg!)jziszHIu!O#Ym=_k4UN3rA<^gD`Na1c5i zGr%R>**|j!`({}z>;594g?^LbES7B!9gpayXLFxJFb{zC^L)orBZp-i_K)J%2mI~N ze*6k3u46(-4!?v*1F~@GEcVZQxmf$@uShYG)yQ7-Fr+#-`U|9`>9h0Su%9_Rx3Eb| U#w^wU-rwIWxwCl~{*(Uy1!!?=+5i9m literal 0 HcmV?d00001 diff --git a/main/reentrancy.c b/main/reentrancy.c index 213e82bd8c..6699817510 100644 --- a/main/reentrancy.c +++ b/main/reentrancy.c @@ -187,11 +187,14 @@ PHPAPI char *php_ctime_r(const time_t *clock, char *buf) local_lock(CTIME_R); tmp = ctime(clock); - strcpy(buf, tmp); + if (tmp) { + strcpy(buf, tmp); + tmp = buf; + } local_unlock(CTIME_R); - return buf; + return tmp; } #endif @@ -205,11 +208,14 @@ PHPAPI char *php_asctime_r(const struct tm *tm, char *buf) local_lock(ASCTIME_R); tmp = asctime(tm); - strcpy(buf, tmp); + if (tmp) { + strcpy(buf, tmp); + tmp = buf; + } local_unlock(ASCTIME_R); - return buf; + return tmp; } #endif -- 2.50.1