php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49072 feof never returns true for damaged file in zip
Submitted: 2009-07-27 11:47 UTC Modified: 2011-02-07 16:21 UTC
From: TorokAlpar at Gmail dot com Assigned: cataphract
Status: Closed Package: Zip Related
PHP Version: 5.3.0 OS: Windows Xp, Linux
Private report: No CVE-ID:
 [2009-07-27 11:47 UTC] TorokAlpar at Gmail dot com
Description:
------------
Opening a damaged zip archive (7z reports CRC failed for the faulty file), feof never return true, the script blocks, causing high CPU usage. 

Please contact me to get a zip that produces this problem. I don't see how can i attach it here

Reproduce code:
---------------
$o = new ZipArchive();
if (! $o->open('test.zip',ZipArchive::CHECKCONS)) {
	exit ('error can\'t open');
}
$o->getStream('file2'); // this file is ok
echo "OK";
$r = $o->getStream('file1'); // this file has a wrong crc
while (! feof($r)) {
	fread($r,1024);
}
echo "never here\n";


Expected result:
----------------
The script either reads the file ignoring the crc error, or reports the error, but finishes.  

Actual result:
--------------
the script  never ends, and uses up the CPU

Patches

zip_stream_errors_reported.patch (last revision 2011-02-01 12:20 UTC) by rquadling@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-07-27 12:39 UTC] pajoye@php.net
Please send me the archive you used to reproduce this problem.
 [2009-08-11 15:12 UTC] svn@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=287095
Log: - fixed bug #49072, feof never returns true for damaged file in zip
 [2009-08-11 17:11 UTC] svn@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=287102
Log: - merge fix for php bug #49072
 [2009-08-12 08:36 UTC] pajoye@php.net
Fixed in the pecl release 1.10.2 and patch applied to all branches (will be in php 5.2.11 and 5.3.1).
 [2011-02-01 13:19 UTC] rquadling@php.net
-Assigned To: +Assigned To: rquadling
 [2011-02-01 13:19 UTC] rquadling@php.net
The test http://svn.php.net/viewvc/php/php-src/trunk/ext/zip/tests/bug49072.phpt is currently failing.

From what I can tell, the reason for the failure is that the when processing (http://svn.php.net/viewvc/php/php-src/trunk/ext/zip/zip_stream.c?view=annotate#l31), the return type from zip_fread (line 37) is cast to size_t.

This is, at the most basic, an unsigned type. So, when comparing (n < 0), this will always be false.

And so any errors recording during the zip_fread() call will fail to be passed on.

Removing the casting and having n as type int, allows the test to pass and the appropriate error is generated.

Patch attached.
 [2011-02-01 13:20 UTC] rquadling@php.net
The following patch has been added/updated:

Patch Name: zip_stream_errors_reported.patch
Revision:   1296562807
URL:        http://bugs.php.net/patch-display.php?bug=49072&patch=zip_stream_errors_reported.patch&revision=1296562807
 [2011-02-01 13:22 UTC] rquadling@php.net
-Status: Closed +Status: Re-Opened -Assigned To: rquadling +Assigned To:
 [2011-02-01 13:22 UTC] rquadling@php.net
Unassigned from me as I don't have karma.
 [2011-02-01 14:59 UTC] cataphract@php.net
-Assigned To: +Assigned To: cataphract
 [2011-02-01 15:43 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=307916
Log: - Fixed bug #49072 (feof never returns true for damaged file in zip).
 [2011-02-01 15:44 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=307917
Log: - Fixed bug #49072 (feof never returns true for damaged file in zip).
 [2011-02-01 15:44 UTC] cataphract@php.net
-Status: Re-Opened +Status: Closed
 [2011-02-07 16:12 UTC] pajoye@php.net
-Status: Closed +Status: Assigned
 [2011-02-07 16:12 UTC] pajoye@php.net
Test fails here:

001+ 
001- Warning: fread(): Zip stream error: CRC error in %s on line %d
 [2011-02-07 16:13 UTC] pajoye@php.net
Test for this bug fail here (5.3/trunk):

001+ 
001- Warning: fread(): Zip stream error: CRC error in %s on line %d
 [2011-02-07 16:21 UTC] pajoye@php.net
-Status: Assigned +Status: Closed
 [2011-02-07 16:21 UTC] pajoye@php.net
Wrong build, test passes just fine
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 09:02:28 2014 UTC