php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77322 PharData::addEmptyDir('/') Possible integer overflow
Submitted: 2018-12-20 10:21 UTC Modified: 2020-12-11 15:57 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: lars at larsegon dot se Assigned: cmb (profile)
Status: Closed Package: PHAR related
PHP Version: 7.1.25 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: lars at larsegon dot se
New email:
PHP Version: OS:

 

 [2018-12-20 10:21 UTC] lars at larsegon dot se 
Description:
------------
When trying to add the empty directory '/' to a phar archive PHP throws a fatal error:
PHP Fatal error:  Possible integer overflow in memory allocation (1 * 18446744073709551615 + 1) in /path/to/my/script.php on line 91

The same action works in ZipArchive, i.e. this works:
$zip = new \ZipArchive;
$zip->open(tempnam(sys_get_temp_dir(), "phptest"));
$zip->addEmptyDir("/");

Test script:
---------------
$tar = new \PharData("/tmp/phptempfile");
$tar->addEmptyDir("/");
// Fatal error Possible Integer overflow

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-12-11 15:57 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2020-12-11 15:58 UTC] cmb@php.net 
The following pull request has been associated:

Patch Name: Fix #77322: PharData::addEmptyDir('/') Possible integer overflow
On GitHub:  https://github.com/php/php-src/pull/6508
Patch:      https://github.com/php/php-src/pull/6508.patch
 [2020-12-15 10:47 UTC] cmb@php.net 
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a53d67ceac301cbd27c4f0f716d4fbcdb7db3407
Log: Fix #77322: PharData::addEmptyDir('/') Possible integer overflow
 [2020-12-15 10:47 UTC] cmb@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 14:01:29 2024 UTC