PHP :: Bug #66960 :: phar long filename crash

Bug #66960

phar long filename crash

Submitted:

2014-03-26 14:20 UTC

Modified:

2018-01-09 03:40 UTC

Votes:	1
Avg. Score:	1.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

twratajczak at gmail dot com

Assigned:

bishop (profile)

Status:

Closed

Package:

PHAR related

PHP Version:

Irrelevant

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	twratajczak at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2014-03-26 14:20 UTC] twratajczak at gmail dot com

Description:
------------
performing file operations through phar:// with filenames over MAXPATHLEN causes crash 

*** stack smashing detected ***: php terminated

Test script:
---------------
<?php
$p = new Phar('/tmp/a.phar');
file_exists('phar:///tmp/a.phar/'. str_repeat("a", 4100));

// only for this test case phar.readonly=Off is required

Expected result:
----------------
file_exists returning false

Actual result:
--------------
Program terminated with signal 6, Aborted.
#0  0x00007f5960d9cf77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007f5960d9cf77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f5960da05e8 in __GI_abort () at abort.c:90
#2  0x00007f5960dda4fb in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f5960eebf10 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
#3  0x00007f5960e7808c in __GI___fortify_fail (msg=<optimized out>, msg@entry=0x7f5960eebef8 "stack smashing detected") at fortify_fail.c:37
#4  0x00007f5960e78030 in __stack_chk_fail () at stack_chk_fail.c:28
#5  0x00000000004c048f in phar_set_inode (entry=0x7fff95d1c6d0) at /home/tratajczak/Downloads/php-master-201403261230/ext/phar/phar_internal.h:542
#6  0x6161616161616161 in ?? ()
...

Patches

Pull Requests

Pull requests:

Fixes Bug #66960 (php-src/3013)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-01-08 01:42 UTC] bishop@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: bishop

[2018-01-08 01:42 UTC] bishop@php.net

I am not seeing this behavior in the 7.1 series on Centos 7. Can you reproduce it in any current PHP version (as of today, 7.1+)? If so, on what OS and architecture?

[2018-01-08 20:28 UTC] twratajczak at gmail dot com

I can verify that with PHP 7.1.11-0ubuntu0.17.10.1 this code works as expected. Thanks

[2018-01-09 03:40 UTC] bishop@php.net

-Status: Feedback +Status: Closed

[2018-01-09 03:40 UTC] bishop@php.net

Glad it no longer recurs! I've added a test just to be sure it doesn't appear in future versions.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jul 13 13:01:32 2025 UTC