php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #34191 ob_gzhandler does not enforce trailing NUL
Submitted: 2005-08-19 13:41 UTC Modified: 2005-08-24 18:20 UTC
From: mike@php.net Assigned: iliaa (profile)
Status: Closed Package: Zlib related
PHP Version: 5CVS-2005-08-24 (CVS) OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mike@php.net
New email:
PHP Version: OS:

 

 [2005-08-19 13:41 UTC] mike@php.net 
Description:
------------
ob_gzhandler does not always append a trailing NUL byte to the deflated string, resulting in warnings in debug mode.

PATCH:
http://dev.iworks.at/PATCHES/ob_gzhandler_trailing_NUL.txt

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-08-19 14:38 UTC] mike@php.net 
Reproducing script:

<?php

function f()
{
	$data = ob_get_contents();
	while(@ob_end_clean());
	ob_start('ob_gzhandler');
	
	$step = strlen($data)/2;
	echo substr($data, 0, $step);
	ob_flush();
	echo substr($data, $step);
}

register_shutdown_function('f');

ob_start();
echo '<pre>';
readfile(__FILE__);

?>
 [2005-08-21 18:05 UTC] iliaa@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2005-08-24 12:37 UTC] mike@php.net 
Sorry, this bug is not entirely fixed.

Reproducing Script:
Similar to the previous one, but with an additional ob_end_clean()

<?php

function f()
{
	$data = ob_get_contents();
	while(@ob_end_clean());
	ob_start('ob_gzhandler');
	
	$step = strlen($data)/2;
	echo substr($data, 0, $step);
	ob_flush();
	echo substr($data, $step);
}

register_shutdown_function('f');

while(@ob_end_clean());

ob_start();
echo '<pre>';
readfile(__FILE__);

?>
 [2005-08-24 14:43 UTC] sniper@php.net 
==9165== Conditional jump or move depends on uninitialised value(s)
==9165==    at 0x8139541: _zval_dtor_func (zend_variables.c:35)
==9165==    by 0x812EAF1: _zval_dtor (zend_variables.h:35)
==9165==    by 0x812ECA4: _zval_ptr_dtor (zend_execute_API.c:386)
==9165==    by 0x810A41C: php_end_ob_buffer (output.c:309)
 [2005-08-24 16:28 UTC] sniper@php.net 
Ilia, it didn't quite do it..
 [2005-08-24 18:20 UTC] iliaa@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 24 13:00:02 2025 UTC