Edit report at https://bugs.php.net/bug.php?id=64830&edit=1

 ID:                 64830
 Updated by:         a...@php.net
 Reported by:        bluewind at xinu dot at
 Summary:            mimetype detection segfaults on mp3 file
-Status:             Feedback
+Status:             Assigned
 Type:               Bug
 Package:            Unknown/Other Function
 Operating System:   Arch Linux
 PHP Version:        5.4.15
 Assigned To:        ab
 Block user comment: N
 Private report:     N



Previous Comments:
------------------------------------------------------------------------
[2013-05-13 18:42:53] bluewind at xinu dot at

Simple backtrace of the cli executable below. Do you want a full one or is this 
enough?


#0  0x00007ffff67751c9 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff67765c8 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff67b3037 in __libc_message () from /usr/lib/libc.so.6
#3  0x00007ffff67b88ae in malloc_printerr () from /usr/lib/libc.so.6
#4  0x00007ffff67b9587 in _int_free () from /usr/lib/libc.so.6
#5  0x0000000000586026 in mget (ms=0x7ffff7e1db78, s=0x7ffff5f87070 "ID3\004", m=0xa8cc40 <php_magic_database+1754848>, nbytes=262144, o=0, cont_level=1, mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffffff99b0, need_separator=0x7fffffff99ac, returnval=0x7fffffff98f8) at /home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:1702
#6  0x000000000058253e in match (ms=0x7ffff7e1db78, magic=0x8e0658 <php_magic_database+248>, nmagic=9899, s=0x7ffff5f87070 "ID3\004", nbytes=262144, offset=0, mode=32, text=0, flip=0, recursion_level=0, printed_something=0x7fffffff99b0, need_separator=0x7fffffff99ac, returnval=0x7fffffff98f8) at /home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:244
#7  0x000000000058200c in file_softmagic (ms=0x7ffff7e1db78, buf=0x7ffff5f87070 "ID3\004", nbytes=262144, mode=32, text=0) at /home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:82
#8  0x000000000057fe43 in file_buffer (ms=0x7ffff7e1db78, stream=0x7ffff7e1d368, inname=0x0, buf=0x7ffff5f87070, nb=262144) at /home/flo/git/php-src/ext/fileinfo/libmagic/funcs.c:238
#9  0x0000000000580ed7 in file_or_stream (ms=0x7ffff7e1db78, inname=0x0, stream=0x7ffff7e1d368) at /home/flo/git/php-src/ext/fileinfo/libmagic/magic.c:412
#10 0x0000000000580cba in magic_stream (ms=0x7ffff7e1db78, stream=0x7ffff7e1d368) at /home/flo/git/php-src/ext/fileinfo/libmagic/magic.c:344
#11 0x0000000000573b0c in _php_finfo_get_type (ht=1, return_value=0x7ffff7e1ebd0, return_value_ptr=0x0, this_ptr=0x7ffff7ff7a08, return_value_used=1, mode=2, mimetype_emu=0) at /home/flo/git/php-src/ext/fileinfo/fileinfo.c:540
#12 0x0000000000573d21 in zif_finfo_file (ht=1, return_value=0x7ffff7e1ebd0, return_value_ptr=0x0, this_ptr=0x7ffff7ff7a08, return_value_used=1) at /home/flo/git/php-src/ext/fileinfo/fileinfo.c:578
#13 0x00000000007cd002 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7fbb1c8) at /home/flo/git/php-src/Zend/zend_vm_execute.h:643
#14 0x00000000007cd66c in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7ffff7fbb1c8) at /home/flo/git/php-src/Zend/zend_vm_execute.h:754
#15 0x00000000007cc5c1 in execute (op_array=0x103c1d0) at /home/flo/git/php-src/Zend/zend_vm_execute.h:410
#16 0x000000000079376c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/flo/git/php-src/Zend/zend.c:1315
#17 0x000000000070ff28 in php_execute_script (primary_file=0x7fffffffd3b0) at /home/flo/git/php-src/main/main.c:2492
#18 0x00000000008337f4 in do_cli (argc=2, argv=0x7fffffffd748) at /home/flo/git/php-src/sapi/cli/php_cli.c:988
#19 0x0000000000834799 in main (argc=2, argv=0x7fffffffd748) at /home/flo/git/php-src/sapi/cli/php_cli.c:1364
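
When triaging an allocator abort like this one, the frame to look at is the first one with source information directly below the libc frames (here `mget` calling into `_int_free`). The Python below is an added example, not part of the original report or of PHP: it rejoins gdb frames that a mail client has hard-wrapped and picks out that caller. The sample input is abridged from the backtrace in this report, and `parse_frames` and `first_app_frame` are hypothetical helper names.

```python
import re

# Sample input: frames #3-#6 abridged from the backtrace in this report
# (argument lists shortened to "..."), with the mail hard-wraps kept.
SAMPLE = """\
#3  0x00007ffff67b88ae in malloc_printerr () from /usr/lib/libc.so.6
#4  0x00007ffff67b9587 in _int_free () from /usr/lib/libc.so.6
#5  0x0000000000586026 in mget (ms=0x7ffff7e1db78, ...) at
/home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:1702
#6  0x000000000058253e in match (ms=0x7ffff7e1db78, ...) at
/home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:244
"""

# One gdb frame: "#N [0xADDR in] func (args) [from LIB | at FILE:LINE]"
FRAME = re.compile(
    r"#(?P<n>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>.*)\)"
    r"(?: from (?P<lib>\S+)| at (?P<src>\S+):(?P<line>\d+))?$"
)

def parse_frames(text):
    """Rejoin wrapped gdb frames and return one dict per parsed frame."""
    joined = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            joined.append(raw.strip())
        elif joined and raw.strip():
            # Continuation of a frame that was wrapped onto the next line.
            joined[-1] += " " + raw.strip()
    return [m.groupdict() for m in map(FRAME.match, joined) if m]

def first_app_frame(frames):
    """Return (library_function, caller_frame) for the innermost frame that
    has source info and was entered from a frame resolved only to a library."""
    for inner, outer in zip(frames, frames[1:]):
        if inner["lib"] and outer["src"]:
            return inner["func"], outer
    return None, None

if __name__ == "__main__":
    lib_func, caller = first_app_frame(parse_frames(SAMPLE))
    if caller:
        print(f"{lib_func}() aborted; called from {caller['func']} "
              f"at {caller['src']}:{caller['line']}")
```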

------------------------------------------------------------------------
[2013-05-13 18:02:18] paj...@php.net

Can you try using CLI please?

And it would be very helpful to either use a debug build or load the debug 
symbols to generate the backtrace.

------------------------------------------------------------------------
[2013-05-13 17:58:07] bluewind at xinu dot at

Description:
------------
Uploading an mp3 file or using fileinfo to check the mimetype of an mp3 file 
causes a crash.

5.4.14 works fine, 5.4.15 crashes.

I bisected it down to 10367fa7c6a4a2cf9bee02d8905e284185428f09.

Doesn't seem to happen for every mp3 file so here's the one I used: 
http://flo.server-speed.net/tmp/php-bug-mp3/test.mp3

If you need any more information to track it down or can't reproduce it, I'm 
happy to help.

Test script:
---------------
<?php

        function mimetype($file) {
                $fileinfo = new finfo(FILEINFO_MIME_TYPE);
                $mimetype = $fileinfo->file($file);

                return $mimetype;
        }

echo mimetype ("test.mp3")."\n";

Expected result:
----------------
Output should be "audio/mpeg" and it shouldn't crash.

Actual result:
--------------
*** Error in `/home/flo/git/php-src/sapi/cgi/php-cgi': munmap_chunk(): invalid pointer: 0x00007f31e3dc24f0 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x788ae)[0x7f31e258a8ae]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x5860d6]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x5825ee]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x5820bc]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x57fef3]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x580f87]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x580d6a]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x573bbc]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x573dd1]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x7cd0b2]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x7cd71c]
/home/flo/git/php-src/sapi/cgi/php-cgi(execute+0x369)[0x7cc671]
/home/flo/git/php-src/sapi/cgi/php-cgi(zend_execute_scripts+0x23c)[0x79381c]
/home/flo/git/php-src/sapi/cgi/php-cgi(php_execute_script+0x370)[0x70ffd8]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x8370bb]
/usr/lib/libc.so.6(__libc_start_main+0xf5)[0x7f31e2533a15]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x41fca9]



------------------------------------------------------------------------


