2022-09-20 17:33:10 |
Martin Kucej |
bug |
|
|
added bug |
2022-09-21 12:39:02 |
Athos Ribeiro |
bug |
|
|
added subscriber Athos Ribeiro |
2022-09-21 13:10:15 |
Athos Ribeiro |
bug task added |
|
php8.1 (Ubuntu) |
|
2022-09-21 13:10:26 |
Athos Ribeiro |
php-defaults (Ubuntu): status |
New |
Invalid |
|
2022-09-21 13:10:37 |
Athos Ribeiro |
nominated for series |
|
Ubuntu Jammy |
|
2022-09-21 13:10:37 |
Athos Ribeiro |
bug task added |
|
php-defaults (Ubuntu Jammy) |
|
2022-09-21 13:10:37 |
Athos Ribeiro |
bug task added |
|
php8.1 (Ubuntu Jammy) |
|
2022-09-21 13:10:49 |
Athos Ribeiro |
bug task deleted |
php-defaults (Ubuntu Jammy) |
|
|
2022-09-21 13:11:03 |
Athos Ribeiro |
php8.1 (Ubuntu): status |
New |
Invalid |
|
2022-09-21 14:30:06 |
Athos Ribeiro |
php8.1 (Ubuntu Jammy): status |
New |
Triaged |
|
2022-09-21 14:30:11 |
Athos Ribeiro |
php8.1 (Ubuntu Jammy): assignee |
|
Athos Ribeiro (athos-ribeiro) |
|
2022-09-21 14:30:23 |
Athos Ribeiro |
bug |
|
|
added subscriber Ubuntu Server |
2022-09-21 14:30:32 |
Athos Ribeiro |
tags |
|
server-todo |
|
2022-10-19 13:17:43 |
Athos Ribeiro |
description |
Ubuntu 22.04 default PHP package (2:8.1+92ubuntu1) contains the pre-8.1.6 bug:
https://www.php.net/ChangeLog-8.php#8.1.6
Streams:
Fixed php://temp does not preserve file-position when switched to temporary file.
Fixed in:
https://github.com/php/php-src/commit/84c18f9f04cb9852d992194e613927154f765192
Current workaround:
When opening php://temp, prevent its conversion to a file by increasing maxmemory to whatever number your application needs:
$fp = fopen("php://temp/maxmemory:5242880", 'w+'); |
[ Impact ]
PHP gives users access to the temporary data stream php://temp (see https://www.php.net/manual/en/wrappers.php.php for further reference). These data streams are stored in memory until they reach a predefined size limit. When that happens, PHP internally moves the data from memory to a temporary file.
In jammy, when this move from memory to disk happens, the file position is not preserved. Instead, PHP will set the file position to the end of the file.
This will result in corrupted/unwanted data being generated when users are manipulating the files at a lower level.
The proposed patch fixes the issue by preserving the file position when the data stream is moved from memory to a file.
[ Test Plan ]
The following PHP snippet reproduces the bug. Run it after applying the fix and verify the output is as expected (listed after the script).
<?php
$f = fopen('php://temp/maxmemory:1024', 'r+');
fwrite($f, str_repeat("1", 738));
fseek($f, 0, SEEK_SET);
fwrite($f, str_repeat("2", 512));
fseek($f, 0, SEEK_SET);
var_dump(fread($f, 16));
fseek($f, 0, SEEK_END);
var_dump(ftell($f));
?>
Buggy PHP output:
$ php reproduce.php
string(16) "1111111111111111"
int(1250)
Fixed PHP output:
$ php reproduce.php
string(16) "2222222222222222"
int(738)
[ Where problems could occur ]
If the proposed patch (which originated from, and was already released by, the upstream project) contains any flaws, they would likely manifest as a different bug when manipulating file positions for the PHP temporary data streams (instead of a full regression). We would then need to work with upstream to find the best solution for the new issue.
[ Other Info ]
The proposed patch was released in PHP 8.1.6. Therefore, it only affects jammy.
[ Original message ]
Ubuntu 22.04 default PHP package (2:8.1+92ubuntu1) contains the pre-8.1.6 bug:
https://www.php.net/ChangeLog-8.php#8.1.6
Streams:
Fixed php://temp does not preserve file-position when switched to temporary file.
Fixed in:
https://github.com/php/php-src/commit/84c18f9f04cb9852d992194e613927154f765192
Current workaround:
When opening php://temp, prevent its conversion to a file by increasing maxmemory to whatever number your application needs:
$fp = fopen("php://temp/maxmemory:5242880", 'w+'); |
|
2022-10-19 21:27:31 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/php8.1/+git/php8.1/+merge/431855 |
|
2022-10-24 12:49:21 |
Athos Ribeiro |
php8.1 (Ubuntu Jammy): status |
Triaged |
In Progress |
|
2022-10-24 12:49:40 |
Athos Ribeiro |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-11-16 16:03:30 |
Robie Basak |
php8.1 (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
2022-11-16 16:03:32 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
2022-11-16 16:03:34 |
Robie Basak |
tags |
server-todo |
server-todo verification-needed verification-needed-jammy |
|
2022-11-16 18:35:25 |
Athos Ribeiro |
tags |
server-todo verification-needed verification-needed-jammy |
server-todo verification-done verification-done-jammy |
|
2022-11-24 18:36:14 |
Andreas Hasenack |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-11-24 18:36:39 |
Launchpad Janitor |
php8.1 (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|