File: cve-2014-3538.phpt

package info (click to toggle)
php5 5.6.33%2Bdfsg-0%2Bdeb8u1
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 157,872 kB
  • sloc: ansic: 756,065; php: 22,030; sh: 12,311; cpp: 8,771; xml: 6,179; yacc: 1,564; exp: 1,514; makefile: 1,467; pascal: 1,147; awk: 538; perl: 315; sql: 22
file content (35 lines) | stat: -rw-r--r-- 558 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
--TEST--
Bug #66731: file: extensive backtraking
--SKIPIF--
<?php
if (!class_exists('finfo'))
	die('skip no fileinfo extension');
--FILE--
<?php
$fd = __DIR__.'/cve-2014-3538.data';

file_put_contents($fd,
  'try:' .
  str_repeat("\n", 1000000));

$fi = finfo_open(FILEINFO_NONE);
$t = microtime(true);
var_dump(finfo_file($fi, $fd));
$t = microtime(true) - $t;
finfo_close($fi);
if ($t < 1) {
	echo "Ok\n";
} else {
	printf("Failed, time=%.2f\n", $t);
}

?>
Done
--CLEAN--
<?php
@unlink(__DIR__.'/cve-2014-3538.data');
?>
--EXPECTF--
string(%d) "%s"
Ok
Done