php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81490 ZipArchive::extractTo() may leak memory
Submitted: 2021-09-30 11:44 UTC Modified: 2021-09-30 11:44 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: Zip Related
PHP Version: 7.4Git-2021-09-30 (Git) OS: *
Private report: No CVE-ID: None
 [2021-09-30 11:44 UTC] cmb@php.net
Description:
------------
ZIP archives may contain files with an empty filename[1]:

| If input came from standard input, the file name length is set
| to zero.

If such a file is extracted, there is a memory leak.  The same
happens whenever virtual_file_ex() fails for the given filename,
for whatever reason.

[1] <https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT> section 4.4.12


Test script:
---------------
<?php
$zip = new ZipArchive();
$zip->open(__DIR__ . "/test.zip", ZipArchive::CREATE|ZipArchive::OVERWRITE);
$zip->addFromString("", "yada yada");
mkdir(__DIR__ . "/extract");
$zip->open(__DIR__ . "/test.zip");
$zip->extractTo(__DIR__ . "/extract", "");
?>


Actual result:
--------------
[Thu Sep 30 13:42:44 2021]  Script:  'C:\php-sdk\phpdev\vc15\x64\zip1.php'
ext\zip\php_zip.c(154) :  Freeing 0x0000023abbe88000 (1 bytes), script=C:\php-sdk\phpdev\vc15\x64\zip1.php
=== Total 1 memory leaks detected ===


Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-30 11:44 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2021-09-30 11:54 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81490: ZipArchive::extractTo() may leak memory
On GitHub:  https://github.com/php/php-src/pull/7536
Patch:      https://github.com/php/php-src/pull/7536.patch
 [2021-09-30 13:46 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/php-src/commit/4d442714155a305205cdd3785ab024f3eba7516f
Log: Fix #81490: ZipArchive::extractTo() may leak memory
 [2021-09-30 13:46 UTC] git@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 08:01:29 2024 UTC