Fixed bug #68671 incorrect expression in libmagic

2 files changed, 11 insertions, 4 deletions

diff --git a/NEWS b/NEWS
index f91a555d14..af21bb474f 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,10 @@ PHP                                                                        NEWS
   . Fixed bug #67643 (curl_multi_getcontent returns '' when
     CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
 
+- Fileinfo:
+  . Fixed bug #68671 (incorrect expression in libmagic).
+    (Joshua Rogers, Anatol Belski)
+
 - GD:
   . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
 
diff --git a/ext/fileinfo/libmagic/print.c b/ext/fileinfo/libmagic/print.c
index eb4e6e8ce4..26bb2f7e97 100644
--- a/ext/fileinfo/libmagic/print.c
+++ b/ext/fileinfo/libmagic/print.c
@@ -59,16 +59,19 @@ protected void
 file_magwarn(struct magic_set *ms, const char *f, ...)
 {
 	va_list va;
-	char *expanded_format;
+	char *expanded_format = NULL;
+	int expanded_len;
 	TSRMLS_FETCH();
 
 	va_start(va, f);
-	if (vasprintf(&expanded_format, f, va)); /* silence */
+	expanded_len = vasprintf(&expanded_format, f, va);
 	va_end(va);
 	
-	php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format);
+	if (expanded_len >= 0 && expanded_format) {
+		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format);
 
-	free(expanded_format);
+		free(expanded_format);
+	}
 }
 
 protected const char *