From 816b4c1235d70b1b83d26c415f044fc04a48875f Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Mon, 29 Jun 2020 16:10:33 +0200 Subject: Fix #79756: finfo_file crash (FILEINFO_MIME) If `ctime` or `asctime` return `NULL`, we must not attempt to copy the buffer, but rather return `NULL` as well. --- NEWS | 3 +++ ext/fileinfo/tests/bug79756.phpt | 16 ++++++++++++++++ ext/fileinfo/tests/bug79756.xls | Bin 0 -> 10752 bytes main/reentrancy.c | 14 ++++++++++---- 4 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 ext/fileinfo/tests/bug79756.phpt create mode 100644 ext/fileinfo/tests/bug79756.xls diff --git a/NEWS b/NEWS index c5051c26a4..5ba6019106 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,9 @@ PHP NEWS . Fixed bug #79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties). (Nikita) +- Fileinfo: + . Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb) + - FTP: . Fixed bug #55857 (ftp_size on large files). (cmb) diff --git a/ext/fileinfo/tests/bug79756.phpt b/ext/fileinfo/tests/bug79756.phpt new file mode 100644 index 0000000000..4aeeb2a266 --- /dev/null +++ b/ext/fileinfo/tests/bug79756.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #79756 (finfo_file crash (FILEINFO_MIME)) +--SKIPIF-- + +--FILE-- + +--EXPECT-- +application/vnd.ms-excel; charset=binary diff --git a/ext/fileinfo/tests/bug79756.xls b/ext/fileinfo/tests/bug79756.xls new file mode 100644 index 0000000000..4087523cf7 Binary files /dev/null and b/ext/fileinfo/tests/bug79756.xls differ diff --git a/main/reentrancy.c b/main/reentrancy.c index 213e82bd8c..6699817510 100644 --- a/main/reentrancy.c +++ b/main/reentrancy.c @@ -187,11 +187,14 @@ PHPAPI char *php_ctime_r(const time_t *clock, char *buf) local_lock(CTIME_R); tmp = ctime(clock); - strcpy(buf, tmp); + if (tmp) { + strcpy(buf, tmp); + tmp = buf; + } local_unlock(CTIME_R); - return buf; + return tmp; } #endif 
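Review bot: Both wrappers can now return NULL, and this contract change is left undocumented: in `php_ctime_r` (and identically in `php_asctime_r` in the next hunk) `buf` is not written at all when `ctime`/`asctime` fails. A caller that ignores the return value and reads `buf` afterwards would see stale or uninitialised bytes. Callers are not visible in this diff, so each one should be checked to confirm it tests the return value before using the string. I would add a comment above each function such as `/* Returns buf, or NULL if ctime() failed; buf is left unmodified in that case. */`. The function body starts before the hunk.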
@@ -205,11 +208,14 @@ PHPAPI char *php_asctime_r(const struct tm *tm, char *buf) local_lock(ASCTIME_R); tmp = asctime(tm); - strcpy(buf, tmp); + if (tmp) { + strcpy(buf, tmp); + tmp = buf; + } local_unlock(ASCTIME_R); - return buf; + return tmp; } #endif -- cgit v1.2.1
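Review bot: The `strcpy(buf, tmp);` kept inside the new `if (tmp)` block is still unbounded, and the size of `buf` is not a parameter. The copy therefore relies on `asctime` never returning more than the 26 bytes that the `asctime_r` contract requires of the caller's buffer. A C library that formats an out-of-range `tm_year` instead of returning NULL may produce a longer string, which would write past such a buffer. Consider checking the length as part of the guard, e.g. `if (tmp && strlen(tmp) < 26) {` with `} else { tmp = NULL; }`, and the same for `php_ctime_r` in the previous hunk. The function body starts before the hunk, so the declaration of `tmp` is not visible here.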