Bug #78641 addGlob modifies value of constant when used in remove_path with trailing slash
Submitted: 2019-10-07 15:08 UTC
Modified: 2019-10-08 07:48 UTC
From: support at hiorg-server dot de
Assigned: cmb
Status: Closed
Package: Zip Related
PHP Version: 7.3.10
OS: Debian GNU/Linux 10 (buster)
Private report: No
CVE-ID: None
 [2019-10-07 15:08 UTC] support at hiorg-server dot de
Description:
------------
After adding a file by addGlob using add_path and remove_path options, the value of the constant used to define the "remove_path" has changed if it has a trailing slash.

Maybe the code block in line 1604/1605 of php-src/ext/zip/php_zip.c (https://github.com/php/php-src/blob/4d6f88e2152888e4e4e8ac40c2d4a68d28b6a208/ext/zip/php_zip.c#L1604) causes this bug since in these lines the "remove_path" will be modified.

Removing the trailing slash turned out to be a simple workaround for this issue.

I have used the following Dockerfile to build a docker container with php7.3.10 to reproduce this bug.

FROM php:7.3.10-cli

RUN apt-get clean
RUN apt-get update

#install some base extensions
RUN apt-get install -y \
        libzip-dev \
        zip \
  && docker-php-ext-configure zip --with-libzip \
  && docker-php-ext-install zip

Test script:
---------------
<?php

define("TMPDIR", __DIR__ . "/");

$file = 'foo-bar';
touch($file);

$zip = new ZipArchive();
$zip->open("test.zip", ZipArchive::CREATE | ZipArchive::OVERWRITE);
var_dump(TMPDIR);
$zip->addGlob($file, 0, ["remove_path" => TMPDIR]);
var_dump(TMPDIR);
$zip->close();


Expected result:
----------------
string(15) "/usr/src/myapp/"
string(15) "/usr/src/myapp/"

Actual result:
--------------
string(15) "/usr/src/myapp/"
string(15) "/usr/src/myapp"
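
The pattern the report suspects, as an added C example that is not code from php-src or from the reporter: stripping a trailing separator by writing into a buffer the caller still shares, next to a non-mutating variant that only shortens the length used for the prefix comparison. `shared_str` and all function names are hypothetical, and the path values are constructed from the report's output.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a shared, engine-owned string: the constant and
 * the option value point at the same bytes, and len is stored separately. */
typedef struct { size_t len; char val[64]; } shared_str;

/* Buggy pattern: strips the trailing separator by writing into the caller's buffer. */
static size_t strip_in_place(char *path) {
    size_t n = strlen(path);
    if (n > 1 && (path[n - 1] == '/' || path[n - 1] == '\\')) {
        path[n - 1] = '\0';   /* mutates memory the constant still refers to */
        n--;
    }
    return n;
}

/* Non-mutating pattern: report the effective length, leave the bytes alone. */
static size_t effective_len(const char *path, size_t n) {
    if (n > 1 && (path[n - 1] == '/' || path[n - 1] == '\\')) n--;
    return n;
}

/* Returns the entry name after dropping prefix[0..plen) and one separator. */
static const char *remove_prefix(const char *file, const char *prefix, size_t plen) {
    if (strncmp(file, prefix, plen) == 0) {
        file += plen;
        if (*file == '/' || *file == '\\') file++;
    }
    return file;
}

/* Runs one variant on a constructed constant; returns 1 if its bytes are unchanged. */
int constant_survives(int use_buggy, char *entry_out, size_t entry_cap) {
    shared_str tmpdir = { 15, "/usr/src/myapp/" };   /* constructed sample value */
    const char *file = "/usr/src/myapp/foo-bar";     /* constructed sample value */
    size_t plen = use_buggy ? strip_in_place(tmpdir.val)
                            : effective_len(tmpdir.val, tmpdir.len);
    snprintf(entry_out, entry_cap, "%s", remove_prefix(file, tmpdir.val, plen));
    return strlen(tmpdir.val) == tmpdir.len;   /* stored length vs. actual bytes */
}

int main(void) {
    char e[64];
    printf("buggy: intact=%d entry=%s\n", constant_survives(1, e, sizeof e), e);
    printf("fixed: intact=%d entry=%s\n", constant_survives(0, e, sizeof e), e);
    return 0;
}
```

Both variants produce the same archive entry name; only the in-place one leaves the shared value with a stored length of 15 and 14 visible characters, which is the mismatch shown in the report's actual result.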

 [2019-10-07 17:09 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: cmb
 [2019-10-07 17:09 UTC] cmb@php.net
Indeed!  Thanks for reporting.
 [2019-10-08 06:35 UTC] support at hiorg-server dot de
There is one more thing we would like to add: If the constant is defined in an include script, this bug can have a negative side effect for other scripts, too, if they depend on the same constant, which can lead to endless debugging sessions.

We found out that the value of the constant is invalid until the include script which defines the constant is modified (e.g. by calling "touch include.php"). This might imply that the bug changes the cached bytecode?
 [2019-10-08 07:48 UTC] cmb@php.net
> Removing the trailing slash turned out to be a simple workaround
> for this issue.

You likely want to stick with this workaround, because bug #72374
will only be fixed as of PHP 8.0.0.

> This might imply that the bug changes the cached bytecode?

At least the attempt could be made.
 [2019-10-08 07:51 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fd3118ffb0a47d39489607967172c3b3fc75277a
Log: Fix #78641: addGlob can modify given remove_path value
 [2019-10-08 07:51 UTC] cmb@php.net
-Status: Verified
+Status: Closed
 
Last updated: Wed Nov 13 22:01:29 2019 UTC