PHP :: Bug #49072 :: feof never returns true for damaged file in zip

Bug #49072	feof never returns true for damaged file in zip
Submitted:	2009-07-27 11:47 UTC	Modified:	2011-02-07 16:21 UTC
From:	TorokAlpar at Gmail dot com	Assigned:	cataphract (profile)
Status:	Closed	Package:	Zip Related
PHP Version:	5.3.0	OS:	Windows Xp, Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	TorokAlpar at Gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2009-07-27 11:47 UTC] TorokAlpar at Gmail dot com

Description:
------------
Opening a damaged zip archive (7z reports CRC failed for the faulty file), feof never return true, the script blocks, causing high CPU usage. 

Please contact me to get a zip that produces this problem. I don't see how can i attach it here

Reproduce code:
---------------
$o = new ZipArchive();
if (! $o->open('test.zip',ZipArchive::CHECKCONS)) {
	exit ('error can\'t open');
}
$o->getStream('file2'); // this file is ok
echo "OK";
$r = $o->getStream('file1'); // this file has a wrong crc
while (! feof($r)) {
	fread($r,1024);
}
echo "never here\n";


Expected result:
----------------
The script either reads the file ignoring the crc error, or reports the error, but finishes.  

Actual result:
--------------
the script  never ends, and uses up the CPU

Patches

zip_stream_errors_reported.patch (last revision 2011-02-01 12:20 UTC by rquadling@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-07-27 12:39 UTC] pajoye@php.net

Please send me the archive you used to reproduce this problem.

[2009-08-11 15:12 UTC] svn@php.net

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=287095
Log: - fixed bug #49072, feof never returns true for damaged file in zip

[2009-08-11 17:11 UTC] svn@php.net

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=287102
Log: - merge fix for php bug #49072

[2009-08-12 08:36 UTC] pajoye@php.net

Fixed in the pecl release 1.10.2 and patch applied to all branches (will be in php 5.2.11 and 5.3.1).

[2011-02-01 13:19 UTC] rquadling@php.net

-Assigned To: +Assigned To: rquadling

[2011-02-01 13:19 UTC] rquadling@php.net

The test http://svn.php.net/viewvc/php/php-src/trunk/ext/zip/tests/bug49072.phpt is currently failing.

From what I can tell, the reason for the failure is that the when processing (http://svn.php.net/viewvc/php/php-src/trunk/ext/zip/zip_stream.c?view=annotate#l31), the return type from zip_fread (line 37) is cast to size_t.

This is, at the most basic, an unsigned type. So, when comparing (n < 0), this will always be false.

And so any errors recording during the zip_fread() call will fail to be passed on.

Removing the casting and having n as type int, allows the test to pass and the appropriate error is generated.

Patch attached.

[2011-02-01 13:20 UTC] rquadling@php.net

The following patch has been added/updated:

Patch Name: zip_stream_errors_reported.patch
Revision:   1296562807
URL:        http://bugs.php.net/patch-display.php?bug=49072&patch=zip_stream_errors_reported.patch&revision=1296562807

[2011-02-01 13:22 UTC] rquadling@php.net

-Status: Closed +Status: Re-Opened -Assigned To: rquadling +Assigned To:

[2011-02-01 13:22 UTC] rquadling@php.net

Unassigned from me as I don't have karma.

[2011-02-01 14:59 UTC] cataphract@php.net

-Assigned To: +Assigned To: cataphract

[2011-02-01 15:43 UTC] cataphract@php.net

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=307916
Log: - Fixed bug #49072 (feof never returns true for damaged file in zip).

[2011-02-01 15:44 UTC] cataphract@php.net

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=307917
Log: - Fixed bug #49072 (feof never returns true for damaged file in zip).

[2011-02-01 15:44 UTC] cataphract@php.net

-Status: Re-Opened +Status: Closed

[2011-02-07 16:12 UTC] pajoye@php.net

-Status: Closed +Status: Assigned

[2011-02-07 16:12 UTC] pajoye@php.net

Test fails here:

001+ 
001- Warning: fread(): Zip stream error: CRC error in %s on line %d

[2011-02-07 16:13 UTC] pajoye@php.net

Test for this bug fail here (5.3/trunk):

001+ 
001- Warning: fread(): Zip stream error: CRC error in %s on line %d

[2011-02-07 16:21 UTC] pajoye@php.net

-Status: Assigned +Status: Closed

[2011-02-07 16:21 UTC] pajoye@php.net

Wrong build, test passes just fine

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Dec 03 17:01:29 2024 UTC