php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73719 Suspect memory issue with certain tar.gz file / PharData
Submitted: 2016-12-11 22:29 UTC Modified: 2016-12-27 07:01 UTC
Votes:3
Avg. Score:4.0 ± 0.8
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: tklingenberg at lastflood dot net Assigned:
Status: Open Package: PHAR related
PHP Version: 7.0.14 OS: Tested on Ubuntu 16.04
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-12-11 22:29 UTC] tklingenberg at lastflood dot net
Description:
------------
One user reported an issue that a tar-gz data-file for the Magento application didn't run with Magerun that uses Composer which then uses the PharData class under the hood.

File in question is:

URL: https://sourceforge.net/projects/mageloads/files/assets/1.9.2.4/magento-sample-data-1.9.2.4.tar.gz

SHASUM: `5ad29dc3df38d21b2407c49f66d5308b01961d60

Creating the instance based on that file:

    php -r '$p = new PharData($argv[1]);' -- magento-sample-data-1.9.2.4.tar.gz 

Creates the always reproduceable error:

PHP Fatal error:  Allowed memory size of -1 bytes exhausted (tried to allocate 18446744073709543424 bytes) in Command line code on line 1

This large number looked suspicious to me so I reported this under security. I have not further looked into it.

The tar-file itself is somewhat broken, if I verify it on my system I get some errors:

$ tar -tzf magento-sample-data-1.9.2.4.tar.gz >/dev/null

gzip: stdin: decompression OK, trailing garbage ignored
tar: Child returned status 2
tar: Error is not recoverable: exiting now

I hope the information provided is useful.

Ref; https://github.com/netz98/n98-magerun/issues/879



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-27 07:01 UTC] stas@php.net
-Type: Security +Type: Bug
 [2016-12-27 07:01 UTC] stas@php.net
Don't see security problem here.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Aug 24 18:01:27 2019 UTC