php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65028 Phar::buildFromDirectory creates corrupt archives for some specific contents
Submitted: 2013-06-13 11:47 UTC Modified: 2013-07-22 08:02 UTC
Votes:13
Avg. Score:4.5 ± 1.2
Reproduced:11 of 11 (100.0%)
Same Version:10 (90.9%)
Same OS:11 (100.0%)
From: matthias dot burtscher at fusonic dot net Assigned:
Status: Closed Package: PHAR related
PHP Version: 5.3.x, 5.4.x, 5.5.x OS: Ubuntu 13.04, Windows 7
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: matthias dot burtscher at fusonic dot net
New email:
PHP Version: OS:

 

 [2013-06-13 11:47 UTC] matthias dot burtscher at fusonic dot net
Description:
------------
When creating a Phar archive with a very simple Phar::createFromDirectory() call 
(see test script) the generated archive is corrupt sometimes, depending on the 
contents packed into the Phar.

I CAN PROVIDE THE TEST CONTENTS TO A DEVELOPER BUT NOT TO THE PUBLIC.

Opening the Phar will cause a Fatal error. Adding an additional empty file (see 
test script) to the archive fixes the problem. Sometimes a second empty file has 
to be added, sometimes a third one.

Tested PHP versions:
- 5.3.26
- 5.4.16
- 5.5.0 RC3

Configure line (all versions):
'./configure'  
'--prefix=/opt/php/bin/php-5.3.26' 
'--with-gd' 
'--with-ldap=/usr' 
'--with-mysql' 
'--with-mssql' 
'--with-pdo-mysql' 
'--with-pdo-dblib' 
'--with-pdo-pgsql' 
'--with-pgsql' 
'--with-config-file-path=/opt/php/bin/php-5.3.26/etc' 
'--enable-mbstring' 
'--with-mcrypt' 
'--with-openssl' 
'--with-curl'
'--with-zlib' 
'--with-libdir=lib/x86_64-linux-gnu' 
'--with-jpeg-dir' 
'--with-png-dir'

Test script:
---------------
// Corrupt
$phar = new Phar("test.phar");
$phar->buildFromDirectory("content");
$phar->compress(Phar::GZ);

// Working (only difference is adding the empty file)
$phar = new Phar("test.phar");
$phar->buildFromDirectory("content");
$phar->addFromString("an-empty-file", "");
$phar->compress(Phar::GZ);

Expected result:
----------------
Working phar archive which can be opened with "new Phar('test.phar')".

Actual result:
--------------
Fatal error: Uncaught exception 'UnexpectedValueException' with message 'internal 
corruption of phar "/tmp/test/test.phar" (truncated manifest at stub end)'

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-13 14:10 UTC] matthias dot burtscher at fusonic dot net
This one will result in the same corrupt phar archive:
$phar = new Phar("test.phar");
$iterator = new RecursiveIteratorIterator(new 
RecursiveDirectoryIterator("/tmp/test/content", FilesystemIterator::SKIP_DOTS));
$phar->buildFromIterator($iterator, "/tmp/test/content");
$phar->compress(Phar::GZ);
 [2013-06-27 11:59 UTC] matthias dot burtscher at fusonic dot net
-PHP Version: 5.5.0RC3 +PHP Version: 5.5.0
 [2013-06-27 11:59 UTC] matthias dot burtscher at fusonic dot net
Re-tested with the latest PHP 5.5.0 release, still not working.
 [2013-06-28 05:59 UTC] matthias dot burtscher at fusonic dot net
-Operating System: Ubuntu 13.04 +Operating System: Ubuntu 13.04, Windows 7 -PHP Version: 5.5.0 +PHP Version: 5.3.x, 5.4.x, 5.5.x
 [2013-06-28 05:59 UTC] matthias dot burtscher at fusonic dot net
I managed to recreate the issue and submitted a test case right here on GitHub:
https://github.com/php/php-src/pull/371
 [2013-07-22 07:27 UTC] stas@php.net
This is a funny one. Seems to be because phar writes the archive this way:

<?php
// code code code
__HALT_COMPILER(); ?>METADATA_HEADER

Where METADATA_HEADER contains phar metadata, first 4 bytes being metadata length. However, when phar reads the file, it checks if "__HALT_COMPILER(); ?>" is followed by \r, and if there's \r it also looks for \n. Now imagine what happens if metadata length is such that its first byte is 0x0D, but second byte is not 0x0A? Phar file is not readable anymore.
 [2013-07-22 08:02 UTC] stas@php.net
Matthias, please check if https://github.com/php/php-src/pull/392 fixes your problem?
 [2013-07-24 04:46 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f8efdc2b4bca2a8f7e57aae36a01df044ba3d0b5
Log: fix bug #65028 	Phar::buildFromDirectory creates corrupt archives for some specific contents
 [2013-07-24 04:46 UTC] stas@php.net
-Status: Open +Status: Closed
 [2014-10-07 23:17 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f8efdc2b4bca2a8f7e57aae36a01df044ba3d0b5
Log: fix bug #65028 	Phar::buildFromDirectory creates corrupt archives for some specific contents
 [2014-10-07 23:29 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f8efdc2b4bca2a8f7e57aae36a01df044ba3d0b5
Log: fix bug #65028 	Phar::buildFromDirectory creates corrupt archives for some specific contents
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 10:01:29 2024 UTC