Bug #53579 stream_get_contents() segfaults on ziparchive streams
Submitted: 2010-12-20 06:58 UTC
Modified: 2010-12-20 12:00 UTC
From: paulgao at yeah dot net
Assigned: bjori
Status: Closed
Package: Zip Related
PHP Version: 5.3.4
OS: irrelevant
Private report: No
CVE-ID:
 [2010-12-20 06:58 UTC] paulgao at yeah dot net
Description:
------------
Segmentation fault

backtrace:

(gdb) bt
#0  0x0000003510e79320 in strchr () from /lib64/libc.so.6
#1  0x000000000065a23c in php_zip_ops_stat (stream=<value optimized out>, ssb=0x7fff6bb223e0) at /root/php-5.3.4/ext/zip/zip_stream.c:111
#2  0x00000000006c22c5 in _php_stream_copy_to_mem (src=0xd2d6038, buf=0x7fff6bb224c8, maxlen=35, persistent=0) at /root/php-5.3.4/main/streams/streams.c:1275
#3  0x000000000063019e in zif_stream_get_contents (ht=<value optimized out>, return_value=0xd2d5f08, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /root/php-5.3.4/ext/standard/streamsfuncs.c:443
#4  0x000000000064506c in suhosin_execute_internal (execute_data_ptr=0x2ac667a0b050, return_value_used=1) at /root/php-5.3.4/ext/suhosin/execute.c:1673
#5  0x0000000000746475 in zend_do_fcall_common_helper_SPEC (execute_data=0x2ac667a0b050) at /root/php-5.3.4/Zend/zend_vm_execute.h:318
#6  0x000000000071e15c in execute (op_array=0xd2d43c8) at /root/php-5.3.4/Zend/zend_vm_execute.h:107
#7  0x00000000006455b9 in suhosin_execute_ex (op_array=0xd2d43c8, zo=0, dummy=0) at /root/php-5.3.4/ext/suhosin/execute.c:585
#8  0x00000000006fb95d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.3.4/Zend/zend.c:1194
#9  0x00000000006ab9cd in php_execute_script (primary_file=0x7fff6bb24d70) at /root/php-5.3.4/main/main.c:2265
#10 0x00000000007803ac in main (argc=2, argv=0x7fff6bb24fe8) at /root/php-5.3.4/sapi/cli/php_cli.c:1193

Test script:
---------------
<?php

$target_file = 'META-INF/MANIFEST.MF';

$za = new ZipArchive();
if ($za->open('test.jar') !== TRUE)
{
    return FALSE;
}

if ($za->statName($target_file) !== FALSE)
{
    $fd = $za->getStream($target_file);
}
else
{
    $fd = FALSE;
}
$za->close();

if (is_resource($fd))
{
    echo strlen(stream_get_contents($fd));
}

?>

Expected result:
----------------
273

Actual result:
--------------
Segmentation fault

 [2010-12-20 07:05 UTC] paulgao at yeah dot net
Trunk code is the same.
 [2010-12-20 10:23 UTC] bjori@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: bjori
 [2010-12-20 12:00 UTC] bjori@php.net
Automatic comment from SVN on behalf of bjori
Revision: http://svn.php.net/viewvc/?view=revision&revision=306493
Log: Fixed bug#53579 (stream_get_contents() segfaults on ziparchive streams)
Also added the filename being accessed to the stream_get_meta_data() array
 [2010-12-20 12:00 UTC] bjori@php.net
-Summary: stream_get_contents failed
+Summary: stream_get_contents() segfaults on ziparchive streams
-Status: Assigned
+Status: Closed
 [2010-12-20 12:00 UTC] bjori@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Sat Apr 19 04:01:55 2014 UTC