Bug #53579 stream_get_contents() segfaults on ziparchive streams
Submitted: 2010-12-20 06:58 UTC Modified: 2010-12-20 12:00 UTC
From: paulgao at yeah dot net Assigned: bjori (profile)
Status: Closed Package: Zip Related
PHP Version: 5.3.4 OS: irrelevant
Private report: No CVE-ID: None
 [2010-12-20 06:58 UTC] paulgao at yeah dot net
Description:
------------
Segmentation fault

backtrace:

(gdb) bt
#0  0x0000003510e79320 in strchr () from /lib64/libc.so.6
#1  0x000000000065a23c in php_zip_ops_stat (stream=<value optimized out>, ssb=0x7fff6bb223e0) at /root/php-5.3.4/ext/zip/zip_stream.c:111
#2  0x00000000006c22c5 in _php_stream_copy_to_mem (src=0xd2d6038, buf=0x7fff6bb224c8, maxlen=35, persistent=0) at /root/php-5.3.4/main/streams/streams.c:1275
#3  0x000000000063019e in zif_stream_get_contents (ht=<value optimized out>, return_value=0xd2d5f08, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /root/php-5.3.4/ext/standard/streamsfuncs.c:443
#4  0x000000000064506c in suhosin_execute_internal (execute_data_ptr=0x2ac667a0b050, return_value_used=1) at /root/php-5.3.4/ext/suhosin/execute.c:1673
#5  0x0000000000746475 in zend_do_fcall_common_helper_SPEC (execute_data=0x2ac667a0b050) at /root/php-5.3.4/Zend/zend_vm_execute.h:318
#6  0x000000000071e15c in execute (op_array=0xd2d43c8) at /root/php-5.3.4/Zend/zend_vm_execute.h:107
#7  0x00000000006455b9 in suhosin_execute_ex (op_array=0xd2d43c8, zo=0, dummy=0) at /root/php-5.3.4/ext/suhosin/execute.c:585
#8  0x00000000006fb95d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.3.4/Zend/zend.c:1194
#9  0x00000000006ab9cd in php_execute_script (primary_file=0x7fff6bb24d70) at /root/php-5.3.4/main/main.c:2265
#10 0x00000000007803ac in main (argc=2, argv=0x7fff6bb24fe8) at /root/php-5.3.4/sapi/cli/php_cli.c:1193

Test script:
---------------
<?php

$target_file = 'META-INF/MANIFEST.MF';

$za = new ZipArchive();
if ($za->open('test.jar') !== TRUE)
{
    return FALSE;
}

if ($za->statName($target_file) !== FALSE)
{
    $fd = $za->getStream($target_file);
}
else
{
    $fd = FALSE;
}
$za->close();

if (is_resource($fd))
{
    echo strlen(stream_get_contents($fd));
}

?>

Expected result:
----------------
273

Actual result:
--------------
Segmentation fault

 [2010-12-20 07:05 UTC] paulgao at yeah dot net
Trunk code is the same.
 [2010-12-20 10:23 UTC] bjori@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: bjori
 [2010-12-20 12:00 UTC] bjori@php.net
Automatic comment from SVN on behalf of bjori
Revision: http://svn.php.net/viewvc/?view=revision&revision=306493
Log: Fixed bug#53579 (stream_get_contents() segfaults on ziparchive streams)
Also added the filename being accessed to the stream_get_meta_data() array
 [2010-12-20 12:00 UTC] bjori@php.net
-Summary: stream_get_contents failed
+Summary: stream_get_contents() segfaults on ziparchive streams
-Status: Assigned
+Status: Closed
 [2010-12-20 12:00 UTC] bjori@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 