Edit report at https://bugs.php.net/bug.php?id=64830&edit=1

 ID:                 64830
 Updated by:         a...@php.net
 Reported by:        bluewind at xinu dot at
 Summary:            mimetype detection segfaults on mp3 file
-Status:             Assigned
+Status:             Closed
 Type:               Bug
 Package:            Unknown/Other Function
 Operating System:   Arch Linux
 PHP Version:        5.4.15
 Assigned To:        ab
 Block user comment: N
 Private report:     N

 New Comment:

Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=74555e7c26b2c61bb8e67b7d6a6f4d2b8eb3a5f3
Log: Fixed bug #64830 mimetype detection segfaults on mp3 file


Previous Comments:
------------------------------------------------------------------------
[2013-05-13 18:42:53] bluewind at xinu dot at

Simple backtrace of the cli executable below. Do you want a full one or is this enough?

#0  0x00007ffff67751c9 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff67765c8 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff67b3037 in __libc_message () from /usr/lib/libc.so.6
#3  0x00007ffff67b88ae in malloc_printerr () from /usr/lib/libc.so.6
#4  0x00007ffff67b9587 in _int_free () from /usr/lib/libc.so.6
#5  0x0000000000586026 in mget (ms=0x7ffff7e1db78, s=0x7ffff5f87070 "ID3\004",
    m=0xa8cc40 <php_magic_database+1754848>, nbytes=262144, o=0, cont_level=1,
    mode=32, text=0, flip=0, recursion_level=1, printed_something=0x7fffffff99b0,
    need_separator=0x7fffffff99ac, returnval=0x7fffffff98f8)
    at /home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:1702
#6  0x000000000058253e in match (ms=0x7ffff7e1db78, magic=0x8e0658 <php_magic_database+248>,
    nmagic=9899, s=0x7ffff5f87070 "ID3\004", nbytes=262144, offset=0, mode=32,
    text=0, flip=0, recursion_level=0, printed_something=0x7fffffff99b0,
    need_separator=0x7fffffff99ac, returnval=0x7fffffff98f8)
    at /home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:244
#7  0x000000000058200c in file_softmagic (ms=0x7ffff7e1db78, buf=0x7ffff5f87070 "ID3\004",
    nbytes=262144, mode=32, text=0)
    at /home/flo/git/php-src/ext/fileinfo/libmagic/softmagic.c:82
#8  0x000000000057fe43 in file_buffer (ms=0x7ffff7e1db78, stream=0x7ffff7e1d368,
    inname=0x0, buf=0x7ffff5f87070, nb=262144)
    at /home/flo/git/php-src/ext/fileinfo/libmagic/funcs.c:238
#9  0x0000000000580ed7 in file_or_stream (ms=0x7ffff7e1db78, inname=0x0, stream=0x7ffff7e1d368)
    at /home/flo/git/php-src/ext/fileinfo/libmagic/magic.c:412
#10 0x0000000000580cba in magic_stream (ms=0x7ffff7e1db78, stream=0x7ffff7e1d368)
    at /home/flo/git/php-src/ext/fileinfo/libmagic/magic.c:344
#11 0x0000000000573b0c in _php_finfo_get_type (ht=1, return_value=0x7ffff7e1ebd0,
    return_value_ptr=0x0, this_ptr=0x7ffff7ff7a08, return_value_used=1, mode=2,
    mimetype_emu=0)
    at /home/flo/git/php-src/ext/fileinfo/fileinfo.c:540
#12 0x0000000000573d21 in zif_finfo_file (ht=1, return_value=0x7ffff7e1ebd0,
    return_value_ptr=0x0, this_ptr=0x7ffff7ff7a08, return_value_used=1)
    at /home/flo/git/php-src/ext/fileinfo/fileinfo.c:578
#13 0x00000000007cd002 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7fbb1c8)
    at /home/flo/git/php-src/Zend/zend_vm_execute.h:643
#14 0x00000000007cd66c in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x7ffff7fbb1c8)
    at /home/flo/git/php-src/Zend/zend_vm_execute.h:754
#15 0x00000000007cc5c1 in execute (op_array=0x103c1d0)
    at /home/flo/git/php-src/Zend/zend_vm_execute.h:410
#16 0x000000000079376c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/flo/git/php-src/Zend/zend.c:1315
#17 0x000000000070ff28 in php_execute_script (primary_file=0x7fffffffd3b0)
    at /home/flo/git/php-src/main/main.c:2492
#18 0x00000000008337f4 in do_cli (argc=2, argv=0x7fffffffd748)
    at /home/flo/git/php-src/sapi/cli/php_cli.c:988
#19 0x0000000000834799 in main (argc=2, argv=0x7fffffffd748)
    at /home/flo/git/php-src/sapi/cli/php_cli.c:1364

------------------------------------------------------------------------
[2013-05-13 18:02:18] paj...@php.net

can you try using CLI please?

And it would be very helpful to either use a debug build or load the debug symbols to generate the backtrace.

------------------------------------------------------------------------
[2013-05-13 17:58:07] bluewind at xinu dot at

Description:
------------
Uploading an mp3 file or using fileinfo to check the mimetype of an mp3 file causes a crash.

5.4.14 works fine, 5.4.15 crashes. I bisected it down to 10367fa7c6a4a2cf9bee02d8905e284185428f09.

Doesn't seem to happen for every mp3 file so here's the one I used: http://flo.server-speed.net/tmp/php-bug-mp3/test.mp3

If you need any more information to track it down or can't reproduce it, I'm happy to help.

Test script:
---------------
<?php
function mimetype($file) {
    $fileinfo = new finfo(FILEINFO_MIME_TYPE);
    $mimetype = $fileinfo->file($file);
    return $mimetype;
}

echo mimetype ("test.mp3")."\n";

Expected result:
----------------
Output should be "audio/mpeg" and it shouldn't crash.

Actual result:
--------------
*** Error in `/home/flo/git/php-src/sapi/cgi/php-cgi': munmap_chunk(): invalid pointer: 0x00007f31e3dc24f0 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x788ae)[0x7f31e258a8ae]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x5860d6]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x5825ee]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x5820bc]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x57fef3]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x580f87]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x580d6a]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x573bbc]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x573dd1]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x7cd0b2]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x7cd71c]
/home/flo/git/php-src/sapi/cgi/php-cgi(execute+0x369)[0x7cc671]
/home/flo/git/php-src/sapi/cgi/php-cgi(zend_execute_scripts+0x23c)[0x79381c]
/home/flo/git/php-src/sapi/cgi/php-cgi(php_execute_script+0x370)[0x70ffd8]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x8370bb]
/usr/lib/libc.so.6(__libc_start_main+0xf5)[0x7f31e2533a15]
/home/flo/git/php-src/sapi/cgi/php-cgi[0x41fca9]

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64830&edit=1