Summary: | dev-php/pecl-geoip-1.1.0 - segmentation fault in php on corrupt GeoIPCity.dat where libGeoIP returns NULL | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Deniss Gaplevsky <slim> |
Component: | Current packages | Assignee: | PHP Bugs <php-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Keywords: | PATCH |
Priority: | Normal | ||
Version: | 10.1 | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.php.net/bug.php?id=67231 https://bugs.php.net/bug.php?id=68277 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | patch to prevent segfaults in GeoIP_record_by_name() due NULL passed as first arg |
Description
Deniss Gaplevsky
2014-10-21 15:09:09 UTC
The upstream bug report seems to be about a segmentation fault in libGeoIP, which is in the domain of dev-libs/geoip, not dev-php/pecl-geoip. 1) Please post your `emerge --info dev-libs/geoip' output in a comment. 2) Please explain how that broken database got there. :) the issue is pretty complex and comes out from libgeoip sins: 1. GeoIP_db_avail() does not make difference between GEOIP_*_EDITION_REV1 and GEOIP_*_EDITION_REV0 but GeoIP_open_type() does. 2. GeoIP_open_type() returns NULL when requested revision does not match actual revision of file. NULL is returned for few other cases as well. 3. GeoIP_record_by_name() (and other GeoIP_*_by_name()?) does not check first argument for NULL and segfaults. I contacted Boris Zentner (MaxMind) and he wrote me back that the pecl-geoip should manage all checks. A patch attached tries to open the file as GEOIP_CITY_EDITION_REV0 then as GEOIP_CITY_EDITION_REV1 if failed and finally check returned value for NULL Created attachment 387222 [details, diff]
patch to prevent segfaults in GeoIP_record_by_name() due NULL passed as first arg
this patch also fixes wrong revision guessing
mainstream patch available from https://bugs.php.net/bug.php?id=68277 The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed1e3e3e8d7a610fafe873075454b35a2079b04a commit ed1e3e3e8d7a610fafe873075454b35a2079b04a Author: Jakov Smolić <jsmolic@gentoo.org> AuthorDate: 2022-08-09 07:11:40 +0000 Commit: Jakov Smolić <jsmolic@gentoo.org> CommitDate: 2022-08-09 07:11:40 +0000 dev-php/pecl-geoip: treeclean Closes: https://bugs.gentoo.org/857636 Closes: https://bugs.gentoo.org/526244 Signed-off-by: Jakov Smolić <jsmolic@gentoo.org> dev-php/pecl-geoip/Manifest | 1 - .../pecl-geoip/files/fix-failing-tests-1.1.1.patch | 46 ----------- .../files/fix-failing-tests-php8-1-1.1.1.patch | 71 ----------------- dev-php/pecl-geoip/files/php8-support-1.1.1.patch | 93 ---------------------- dev-php/pecl-geoip/metadata.xml | 8 -- dev-php/pecl-geoip/pecl-geoip-1.1.1-r4.ebuild | 22 ----- dev-php/pecl-geoip/pecl-geoip-1.1.1-r5.ebuild | 26 ------ profiles/package.mask | 7 -- 8 files changed, 274 deletions(-) |