From d92a87d7cb81f94b8705cdbeaa1b3836dc145549 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Tue, 30 Dec 2014 19:37:27 +0100
Subject: [PATCH 1/2] Fixed bug #68671 incorrect expression in libmagic

---
 NEWS                          |  4 ++++
 ext/fileinfo/libmagic/print.c | 11 +++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index f91a555d14e..af21bb474f6 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,10 @@ PHP                                                                        NEWS
   . Fixed bug #67643 (curl_multi_getcontent returns '' when
     CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
 
+- Fileinfo:
+  . Fixed bug #68671 (incorrect expression in libmagic).
+    (Joshua Rogers, Anatol Belski)
+
 - GD:
   . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
 
diff --git a/ext/fileinfo/libmagic/print.c b/ext/fileinfo/libmagic/print.c
index eb4e6e8ce4f..26bb2f7e975 100644
--- a/ext/fileinfo/libmagic/print.c
+++ b/ext/fileinfo/libmagic/print.c
@@ -59,16 +59,19 @@ protected void
 file_magwarn(struct magic_set *ms, const char *f, ...)
 {
 	va_list va;
-	char *expanded_format;
+	char *expanded_format = NULL;
+	int expanded_len;
 	TSRMLS_FETCH();
 
 	va_start(va, f);
-	if (vasprintf(&expanded_format, f, va)); /* silence */
+	expanded_len = vasprintf(&expanded_format, f, va);
 	va_end(va);
 	
-	php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format);
+	if (expanded_len >= 0 && expanded_format) {
+		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format);
 
-	free(expanded_format);
+		free(expanded_format);
+	}
 }
 
 protected const char *

From 85b4a6552029b1f3fdb39251f37986fafcb958a1 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Tue, 30 Dec 2014 19:39:14 +0100
Subject: [PATCH 2/2] updated NEWS

---
 NEWS | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index a457ed540d5..2581717a880 100644
--- a/NEWS
+++ b/NEWS
@@ -30,7 +30,9 @@
 
 - Fileinfo:
   . Fixed bug #68398 (msooxml matches too many archives). (Anatol)
-  . Fixed bug #68665 (invalid free). (honey@internot.info)
+  . Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
+  . Fixed bug #68671 (incorrect expression in libmagic).
+    (Joshua Rogers, Anatol Belski)
 
 - FPM:
   . Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)