php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34191 ob_gzhandler does not enforce trailing NUL
Submitted: 2005-08-19 13:41 UTC Modified: 2005-08-24 18:20 UTC
From: mike@php.net Assigned: iliaa (profile)
Status: Closed Package: Zlib related
PHP Version: 5CVS-2005-08-24 (CVS) OS:
Private report: No CVE-ID: None
 [2005-08-19 13:41 UTC] mike@php.net
Description:
------------
ob_gzhandler does not always append a trailing NUL byte to the deflated string, resulting in warnings in debug mode.

PATCH:
http://dev.iworks.at/PATCHES/ob_gzhandler_trailing_NUL.txt


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-08-19 14:38 UTC] mike@php.net
Reproducing script:

<?php

function f()
{
	$data = ob_get_contents();
	while(@ob_end_clean());
	ob_start('ob_gzhandler');
	
	$step = strlen($data)/2;
	echo substr($data, 0, $step);
	ob_flush();
	echo substr($data, $step);
}

register_shutdown_function('f');

ob_start();
echo '<pre>';
readfile(__FILE__);

?>
 [2005-08-21 18:05 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2005-08-24 12:37 UTC] mike@php.net
Sorry, this bug is not entirely fixed.

Reproducing Script:
Similar to the previous one, but with an additional ob_end_clean()

<?php

function f()
{
	$data = ob_get_contents();
	while(@ob_end_clean());
	ob_start('ob_gzhandler');
	
	$step = strlen($data)/2;
	echo substr($data, 0, $step);
	ob_flush();
	echo substr($data, $step);
}

register_shutdown_function('f');

while(@ob_end_clean());

ob_start();
echo '<pre>';
readfile(__FILE__);

?>
 [2005-08-24 14:43 UTC] sniper@php.net
==9165== Conditional jump or move depends on uninitialised value(s)
==9165==    at 0x8139541: _zval_dtor_func (zend_variables.c:35)
==9165==    by 0x812EAF1: _zval_dtor (zend_variables.h:35)
==9165==    by 0x812ECA4: _zval_ptr_dtor (zend_execute_API.c:386)
==9165==    by 0x810A41C: php_end_ob_buffer (output.c:309)

 [2005-08-24 16:28 UTC] sniper@php.net
Ilia, it didn't quite do it..

 [2005-08-24 18:20 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 03:01:29 2024 UTC