Proposed patch for PHP bug #81723
From 124d04348554a930d3c87c46e492a23523d8752f Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Thu, 30 Jun 2022 17:15:22 +0200
Subject: [PATCH] Fix #81723: Memory corruption in finfo_buffer()
We need to use the same memory allocator throughout.
---
ext/fileinfo/libmagic.patch | 112 +++++++++++++++++-------------
ext/fileinfo/libmagic/softmagic.c | 8 +--
ext/fileinfo/tests/bug81723.phpt | 12 ++++
3 files changed, 79 insertions(+), 53 deletions(-)
create mode 100644 ext/fileinfo/tests/bug81723.phpt
diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch
index 27124692a0..3373ae4519 100644
--- a/ext/fileinfo/libmagic.patch
+++ b/ext/fileinfo/libmagic.patch
@@ -1,6 +1,6 @@
-diff -ur libmagic.orig/apprentice.c libmagic/apprentice.c
+diff -u libmagic.orig/apprentice.c libmagic/apprentice.c
--- libmagic.orig/apprentice.c 2021-02-23 01:51:11.000000000 +0100
-+++ libmagic/apprentice.c 2021-04-06 21:34:57.332978922 +0200
++++ libmagic/apprentice.c 2022-06-16 13:39:41.570984700 +0200
@@ -29,6 +29,8 @@
* apprentice - make one pass through /etc/magic, learning its secrets.
*/
@@ -925,9 +925,9 @@ diff -ur libmagic.orig/apprentice.c libmagic/apprentice.c
m->str_range = swap4(m->str_range);
m->str_flags = swap4(m->str_flags);
}
-diff -ur libmagic.orig/ascmagic.c libmagic/ascmagic.c
+diff -u libmagic.orig/ascmagic.c libmagic/ascmagic.c
--- libmagic.orig/ascmagic.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/ascmagic.c 2021-04-06 21:34:57.332978922 +0200
++++ libmagic/ascmagic.c 2022-06-16 13:39:41.570984700 +0200
@@ -96,7 +96,7 @@
rv = file_ascmagic_with_encoding(ms, &bb,
ubuf, ulen, code, type, text);
@@ -956,9 +956,9 @@ diff -ur libmagic.orig/ascmagic.c libmagic/ascmagic.c
return rv;
}
-diff -ur libmagic.orig/buffer.c libmagic/buffer.c
+diff -u libmagic.orig/buffer.c libmagic/buffer.c
--- libmagic.orig/buffer.c 2021-02-23 01:49:26.000000000 +0100
-+++ libmagic/buffer.c 2021-04-06 21:34:57.332978922 +0200
++++ libmagic/buffer.c 2021-09-21 13:27:27.982716100 +0200
@@ -31,19 +31,23 @@
#endif /* lint */
@@ -1012,9 +1012,9 @@ diff -ur libmagic.orig/buffer.c libmagic/buffer.c
b->ebuf = NULL;
goto out;
}
-diff -ur libmagic.orig/cdf.c libmagic/cdf.c
+diff -u libmagic.orig/cdf.c libmagic/cdf.c
--- libmagic.orig/cdf.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/cdf.c 2021-04-06 21:34:57.332978922 +0200
++++ libmagic/cdf.c 2021-09-21 13:27:27.983695600 +0200
@@ -43,7 +43,17 @@
#include <err.h>
#endif
@@ -1247,9 +1247,9 @@ diff -ur libmagic.orig/cdf.c libmagic/cdf.c
}
#endif
-diff -ur libmagic.orig/cdf.h libmagic/cdf.h
+diff -u libmagic.orig/cdf.h libmagic/cdf.h
--- libmagic.orig/cdf.h 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/cdf.h 2021-04-06 21:34:57.332978922 +0200
++++ libmagic/cdf.h 2021-09-21 13:27:27.984674900 +0200
@@ -35,10 +35,10 @@
#ifndef _H_CDF_
#define _H_CDF_
@@ -1264,9 +1264,9 @@ diff -ur libmagic.orig/cdf.h libmagic/cdf.h
#endif
#ifdef __DJGPP__
#define timespec timeval
-diff -ur libmagic.orig/cdf_time.c libmagic/cdf_time.c
+diff -u libmagic.orig/cdf_time.c libmagic/cdf_time.c
--- libmagic.orig/cdf_time.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/cdf_time.c 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/cdf_time.c 2021-09-21 13:27:27.985654400 +0200
@@ -23,6 +23,7 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
@@ -1293,9 +1293,9 @@ diff -ur libmagic.orig/cdf_time.c libmagic/cdf_time.c
if (ptr != NULL)
return buf;
(void)snprintf(buf, 26, "*Bad* %#16.16" INT64_T_FORMAT "x\n",
-diff -ur libmagic.orig/compress.c libmagic/compress.c
+diff -u libmagic.orig/compress.c libmagic/compress.c
--- libmagic.orig/compress.c 2021-02-23 01:49:07.000000000 +0100
-+++ libmagic/compress.c 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/compress.c 2022-06-16 13:39:41.586609800 +0200
@@ -51,7 +51,7 @@
#ifndef HAVE_SIG_T
typedef void (*sig_t)(int);
@@ -1430,9 +1430,9 @@ diff -ur libmagic.orig/compress.c libmagic/compress.c
}
#endif
+#endif
-diff -ur libmagic.orig/der.c libmagic/der.c
+diff -u libmagic.orig/der.c libmagic/der.c
--- libmagic.orig/der.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/der.c 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/der.c 2022-06-16 13:39:41.586609800 +0200
@@ -54,7 +54,9 @@
#include "magic.h"
#include "der.h"
@@ -1443,9 +1443,9 @@ diff -ur libmagic.orig/der.c libmagic/der.c
#include <sys/stat.h>
#include <err.h>
#endif
-diff -ur libmagic.orig/elfclass.h libmagic/elfclass.h
+diff -u libmagic.orig/elfclass.h libmagic/elfclass.h
--- libmagic.orig/elfclass.h 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/elfclass.h 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/elfclass.h 2021-09-21 13:27:27.989571700 +0200
@@ -41,7 +41,7 @@
return toomany(ms, "program headers", phnum);
flags |= FLAGS_IS_CORE;
@@ -1473,9 +1473,9 @@ diff -ur libmagic.orig/elfclass.h libmagic/elfclass.h
CAST(size_t, elf_getu16(swap, elfhdr.e_shentsize)),
fsize, elf_getu16(swap, elfhdr.e_machine),
CAST(int, elf_getu16(swap, elfhdr.e_shstrndx)),
-diff -ur libmagic.orig/encoding.c libmagic/encoding.c
+diff -u libmagic.orig/encoding.c libmagic/encoding.c
--- libmagic.orig/encoding.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/encoding.c 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/encoding.c 2022-06-16 13:39:41.586609800 +0200
@@ -98,14 +98,14 @@
nbytes = ms->encoding_max;
@@ -1514,9 +1514,9 @@ diff -ur libmagic.orig/encoding.c libmagic/encoding.c
} \
if (u < 3) \
return 0; \
-diff -ur libmagic.orig/file.h libmagic/file.h
+diff -u libmagic.orig/file.h libmagic/file.h
--- libmagic.orig/file.h 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/file.h 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/file.h 2022-06-16 13:39:41.586609800 +0200
@@ -33,17 +33,14 @@
#ifndef __file_h__
#define __file_h__
@@ -1775,9 +1775,9 @@ diff -ur libmagic.orig/file.h libmagic/file.h
+#endif
+
#endif /* __file_h__ */
-diff -ur libmagic.orig/fsmagic.c libmagic/fsmagic.c
+diff -u libmagic.orig/fsmagic.c libmagic/fsmagic.c
--- libmagic.orig/fsmagic.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/fsmagic.c 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/fsmagic.c 2021-09-21 13:27:27.992511000 +0200
@@ -66,26 +66,10 @@
# define minor(dev) ((dev) & 0xff)
#endif
@@ -2068,9 +2068,9 @@ diff -ur libmagic.orig/fsmagic.c libmagic/fsmagic.c
#ifdef S_IFSOCK
#ifndef __COHERENT__
case S_IFSOCK:
-diff -ur libmagic.orig/funcs.c libmagic/funcs.c
+diff -u libmagic.orig/funcs.c libmagic/funcs.c
--- libmagic.orig/funcs.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/funcs.c 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/funcs.c 2022-06-16 13:39:41.586609800 +0200
@@ -51,6 +51,13 @@
#define SIZE_MAX ((size_t)~0)
#endif
@@ -2388,9 +2388,9 @@ diff -ur libmagic.orig/funcs.c libmagic/funcs.c
protected char *
file_strtrim(char *str)
-diff -ur libmagic.orig/magic.c libmagic/magic.c
+diff -u libmagic.orig/magic.c libmagic/magic.c
--- libmagic.orig/magic.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/magic.c 2021-04-06 21:34:57.336978894 +0200
++++ libmagic/magic.c 2022-06-16 13:39:41.586609800 +0200
@@ -25,11 +25,6 @@
* SUCH DAMAGE.
*/
@@ -2867,9 +2867,9 @@ diff -ur libmagic.orig/magic.c libmagic/magic.c
return NULL;
}
return file_getbuffer(ms);
-diff -ur libmagic.orig/magic.h libmagic/magic.h
---- libmagic.orig/magic.h 2021-04-06 22:37:37.647426536 +0200
-+++ libmagic/magic.h 2021-04-06 21:34:57.336978894 +0200
+diff -u libmagic.orig/magic.h libmagic/magic.h
+--- libmagic.orig/magic.h 2022-06-30 17:16:06.144009900 +0200
++++ libmagic/magic.h 2022-06-16 13:39:41.586609800 +0200
@@ -126,6 +126,7 @@
const char *magic_getpath(const char *, int);
@@ -2878,9 +2878,9 @@ diff -ur libmagic.orig/magic.h libmagic/magic.h
const char *magic_descriptor(magic_t, int);
const char *magic_buffer(magic_t, const void *, size_t);
-diff -ur libmagic.orig/print.c libmagic/print.c
+diff -u libmagic.orig/print.c libmagic/print.c
--- libmagic.orig/print.c 2021-02-23 01:49:07.000000000 +0100
-+++ libmagic/print.c 2021-04-06 21:34:57.340978869 +0200
++++ libmagic/print.c 2021-09-21 13:27:27.998388700 +0200
@@ -28,6 +28,7 @@
/*
* print.c - debugging printout routines
@@ -2943,9 +2943,9 @@ diff -ur libmagic.orig/print.c libmagic/print.c
if (pp == NULL)
goto out;
-diff -ur libmagic.orig/readcdf.c libmagic/readcdf.c
+diff -u libmagic.orig/readcdf.c libmagic/readcdf.c
--- libmagic.orig/readcdf.c 2021-02-23 01:49:08.000000000 +0100
-+++ libmagic/readcdf.c 2021-04-06 21:34:57.340978869 +0200
++++ libmagic/readcdf.c 2021-09-21 13:27:27.999369100 +0200
@@ -31,7 +31,11 @@
#include <assert.h>
@@ -3067,9 +3067,9 @@ diff -ur libmagic.orig/readcdf.c libmagic/readcdf.c
out0:
/* If we handled it already, return */
if (i != -1)
-diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c
+diff -u libmagic.orig/softmagic.c libmagic/softmagic.c
--- libmagic.orig/softmagic.c 2021-02-23 01:49:06.000000000 +0100
-+++ libmagic/softmagic.c 2021-04-06 21:34:57.340978869 +0200
++++ libmagic/softmagic.c 2022-06-30 16:58:15.521661800 +0200
@@ -43,6 +43,10 @@
#include <time.h>
#include "der.h"
@@ -3247,7 +3247,29 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c
return rv;
}
-@@ -1845,15 +1847,15 @@
+@@ -1531,11 +1533,7 @@
+ size_t len;
+ *c = ms->c;
+ len = c->len * sizeof(*c->li);
+- ms->c.li = CAST(struct level_info *, malloc(len));
+- if (ms->c.li == NULL) {
+- ms->c = *c;
+- return -1;
+- }
++ ms->c.li = CAST(struct level_info *, emalloc(len));
+ memcpy(ms->c.li, c->li, len);
+ return 0;
+ }
+@@ -1543,7 +1541,7 @@
+ private void
+ restore_cont(struct magic_set *ms, struct cont *c)
+ {
+- free(ms->c.li);
++ efree(ms->c.li);
+ ms->c = *c;
+ }
+
+@@ -1845,15 +1843,15 @@
if ((ms->flags & MAGIC_NODESC) == 0 &&
file_printf(ms, F(ms, m->desc, "%u"), offset) == -1)
{
@@ -3266,7 +3288,7 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c
return rv;
case FILE_USE:
-@@ -1958,10 +1960,13 @@
+@@ -1958,10 +1956,13 @@
}
else if ((flags & STRING_COMPACT_WHITESPACE) &&
isspace(*a)) {
@@ -3281,7 +3303,7 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c
b++;
}
else {
-@@ -1997,6 +2002,60 @@
+@@ -1997,6 +1998,60 @@
return file_strncmp(a, b, len, maxlen, flags);
}
@@ -3342,7 +3364,7 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c
private int
magiccheck(struct magic_set *ms, struct magic *m)
{
-@@ -2176,65 +2235,77 @@
+@@ -2176,65 +2231,77 @@
break;
}
case FILE_REGEX: {
@@ -3471,9 +3493,9 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c
break;
}
case FILE_USE:
-diff -ur libmagic.orig/strcasestr.c libmagic/strcasestr.c
+diff -u libmagic.orig/strcasestr.c libmagic/strcasestr.c
--- libmagic.orig/strcasestr.c 2021-02-23 01:49:12.000000000 +0100
-+++ libmagic/strcasestr.c 2021-04-06 21:34:57.340978869 +0200
++++ libmagic/strcasestr.c 2021-09-21 13:27:28.002306200 +0200
@@ -39,6 +39,8 @@
#include "file.h"
@@ -3483,7 +3505,3 @@ diff -ur libmagic.orig/strcasestr.c libmagic/strcasestr.c
#include <assert.h>
#include <ctype.h>
#include <string.h>
---- libmagic/config.h 2021-04-06 22:19:57.552120067 +0200
-+++ /dev/null 2021-03-31 20:37:24.776503884 +0200
-@@ -1 +0,0 @@
--#include "php.h"
diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c
index c86524e31e..5132b4ddea 100644
--- a/ext/fileinfo/libmagic/softmagic.c
+++ b/ext/fileinfo/libmagic/softmagic.c
@@ -1533,11 +1533,7 @@ save_cont(struct magic_set *ms, struct cont *c)
size_t len;
*c = ms->c;
len = c->len * sizeof(*c->li);
- ms->c.li = CAST(struct level_info *, malloc(len));
- if (ms->c.li == NULL) {
- ms->c = *c;
- return -1;
- }
+ ms->c.li = CAST(struct level_info *, emalloc(len));
memcpy(ms->c.li, c->li, len);
return 0;
}
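Review bot: With emalloc() in place of malloc(), save_cont() can no longer return -1, so a caller that still tests its result for failure (outside this hunk) now has an unreachable branch; a comment at the allocation, `/* emalloc() bails out on OOM, so this cannot fail */`, or dropping the int return altogether, would keep the contract honest. The product `c->len * sizeof(*c->li)` on the preceding line is passed to emalloc() unchecked, as it was to malloc(); `ms->c.li = CAST(struct level_info *, safe_emalloc(c->len, sizeof(*c->li), 0));` would make that size computation overflow-checked at no cost. The same lines recur in the libmagic.patch hunk `@@ -3247,7 +3247,29 @@` above, which must stay in sync with this file. save_cont()'s signature lies outside the hunk.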
@@ -1545,7 +1541,7 @@ save_cont(struct magic_set *ms, struct cont *c)
private void
restore_cont(struct magic_set *ms, struct cont *c)
{
- free(ms->c.li);
+ efree(ms->c.li);
ms->c = *c;
}
diff --git a/ext/fileinfo/tests/bug81723.phpt b/ext/fileinfo/tests/bug81723.phpt
new file mode 100644
index 0000000000..16bfb81f10
--- /dev/null
+++ b/ext/fileinfo/tests/bug81723.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #81723 (Memory corruption in finfo_buffer())
+--EXTENSIONS--
+fileinfo
+--FILE--
+<?php
+$data = hex2bin("00018a7570001097db97979897977d87979797000092001f0051000000000000000000ffff7fff00000000001e0000000000000000000000000c0000000000000000000000000000dc0000000100000000000000004f011900007f0000000000180039000000000000000000000000000000dc0000000100000000000000004f011900007f0000f500000000eeff0000000000000000010000fd00");
+
+$f = finfo_open();
+finfo_buffer($f, $data);
+?>
+--EXPECT--
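Review bot: The `--EXPECT--` section is empty, so the test passes whenever finfo_buffer() emits no output and the process does not crash; in a non-debug build without a checking allocator, a regression of this kind may go unnoticed. Printing a marker after the call, e.g. `echo "Done";` with `Done` as the expected output, would at least confirm the call completed, and a comment such as `// regression test for allocator mismatch in save_cont()/restore_cont(); run under ZEND_DEBUG or ASan` would tell the next maintainer how to make it fail.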
--
2.37.0.windows.1