php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53885 ZipArchive segfault with FL_UNCHANGED on empty archive
Submitted: 2011-01-30 23:15 UTC Modified: 2011-01-30 23:31 UTC
From: stas@php.net Assigned: stas (profile)
Status: Closed Package: Zip Related
PHP Version: 5.3SVN-2011-01-30 (SVN) OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: stas@php.net
New email:
PHP Version: OS:

 

 [2011-01-30 23:15 UTC] stas@php.net 
Description:
------------
From Maksymilian Arciemowicz:


PoC1:
php -r '$nx=new
ZipArchive();$nx->open("/dev/null");$nx-
>locateName("a",ZIPARCHIVE::FL_UNCHANGED);'

PoC2:
php -r '$nx=new
ZipArchive();$nx->open("empty.zip");$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);'


Segfault in _zip_name_locate.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-30 23:28 UTC] stas@php.net 
Automatic comment from SVN on behalf of stas
Revision: http://svn.php.net/viewvc/?view=revision&revision=307867
Log: fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
 [2011-01-30 23:30 UTC] stas@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: stas
 [2011-01-30 23:30 UTC] stas@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2011-01-30 23:31 UTC] stas@php.net
-Package: Zlib related +Package: Zip Related
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jan 30 20:01:29 2025 UTC