PHP :: Bug #69958

Return to Bug #69958
Patch phar-69958	revision 2015-07-05 04:04 UTC by stas@php.net
Patch phar-69958 for Reproducible crash Bug #69958

Patch version 2015-07-05 04:04 UTC
Return to Bug #69958 | Download this patch
Patch Revisions:
2015-07-05 04:04 UTC [diff to current]
Developer: stas@php.net

commit 452d30cf7d1ba36d7f8bb8aeff5fb3134376f873
Author: Stanislav Malyshev <stas@php.net>
Date:   Sat Jul 4 21:01:50 2015 -0700

    Fix bug #69958 - Segfault in Phar::convertToData on invalid file

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index add1fa0..1184863 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1269,7 +1269,7 @@ PHP_METHOD(Phar, __construct)
 	INIT_PZVAL(&arg2);
 	ZVAL_LONG(&arg2, flags);
 
-	zend_call_method_with_2_params(&zobj, Z_OBJCE_P(zobj), 
+	zend_call_method_with_2_params(&zobj, Z_OBJCE_P(zobj),
 		&spl_ce_RecursiveDirectoryIterator->constructor, "__construct", NULL, &arg1, &arg2);
 
 	if (!phar_data->is_persistent) {
@@ -1293,7 +1293,7 @@ PHP_METHOD(Phar, getSupportedSignatures)
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
-	
+
 	array_init(return_value);
 
 	add_next_index_stringl(return_value, "MD5", 3, 1);
@@ -1320,7 +1320,7 @@ PHP_METHOD(Phar, getSupportedCompression)
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
-	
+
 	array_init(return_value);
 	phar_request_initialize(TSRMLS_C);
 
@@ -1608,7 +1608,7 @@ phar_spl_fileinfo:
 			}
 			return ZEND_HASH_APPLY_STOP;
 		}
-		
+
 		base = temp;
 		base_len = strlen(base);
 
@@ -1805,7 +1805,7 @@ after_open_fp:
 /* {{{ proto array Phar::buildFromDirectory(string base_dir[, string regex])
  * Construct a phar archive from an existing directory, recursively.
  * Optional second parameter is a regular expression for filtering directory contents.
- * 
+ *
  * Return value is an array mapping phar index to actual files added.
  */
 PHP_METHOD(Phar, buildFromDirectory)
@@ -1845,7 +1845,7 @@ PHP_METHOD(Phar, buildFromDirectory)
 	ZVAL_LONG(&arg2, SPL_FILE_DIR_SKIPDOTS|SPL_FILE_DIR_UNIXPATHS);
 #endif
 
-	zend_call_method_with_2_params(&iter, spl_ce_RecursiveDirectoryIterator, 
+	zend_call_method_with_2_params(&iter, spl_ce_RecursiveDirectoryIterator,
 			&spl_ce_RecursiveDirectoryIterator->constructor, "__construct", NULL, &arg, &arg2);
 
 	if (EG(exception)) {
@@ -1862,7 +1862,7 @@ PHP_METHOD(Phar, buildFromDirectory)
 		RETURN_FALSE;
 	}
 
-	zend_call_method_with_1_params(&iteriter, spl_ce_RecursiveIteratorIterator, 
+	zend_call_method_with_1_params(&iteriter, spl_ce_RecursiveIteratorIterator,
 			&spl_ce_RecursiveIteratorIterator->constructor, "__construct", NULL, iter);
 
 	if (EG(exception)) {
@@ -1887,7 +1887,7 @@ PHP_METHOD(Phar, buildFromDirectory)
 		INIT_PZVAL(&arg2);
 		ZVAL_STRINGL(&arg2, regex, regex_len, 0);
 
-		zend_call_method_with_2_params(&regexiter, spl_ce_RegexIterator, 
+		zend_call_method_with_2_params(&regexiter, spl_ce_RegexIterator,
 			&spl_ce_RegexIterator->constructor, "__construct", NULL, iteriter, &arg2);
 	}
 
@@ -2008,7 +2008,7 @@ PHP_METHOD(Phar, buildFromIterator)
 PHP_METHOD(Phar, count)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2173,7 +2173,7 @@ static zval *phar_rename_archive(phar_archive_data *phar, char *ext, zend_bool c
 	spprintf(&newname, 0, "%s.%s", strtok(basename, "."), ext);
 	efree(basename);
 
-	
+
 
 	basepath = estrndup(oldpath, (strlen(oldpath) - oldname_len));
 	phar->fname_len = spprintf(&newpath, 0, "%s%s", basepath, newname);
@@ -2419,7 +2419,9 @@ no_copy:
 		zend_hash_destroy(&(phar->manifest));
 		zend_hash_destroy(&(phar->mounted_dirs));
 		zend_hash_destroy(&(phar->virtual_dirs));
-		php_stream_close(phar->fp);
+		if (phar->fp) {
+			php_stream_close(phar->fp);
+		}
 		efree(phar->fname);
 		efree(phar);
 		return NULL;
@@ -2639,7 +2641,7 @@ PHP_METHOD(Phar, convertToData)
 PHP_METHOD(Phar, isCompressed)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2663,7 +2665,7 @@ PHP_METHOD(Phar, isWritable)
 {
 	php_stream_statbuf ssb;
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2741,7 +2743,7 @@ PHP_METHOD(Phar, delete)
 PHP_METHOD(Phar, getAlias)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2758,7 +2760,7 @@ PHP_METHOD(Phar, getAlias)
 PHP_METHOD(Phar, getPath)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2874,7 +2876,7 @@ valid_alias:
 PHP_METHOD(Phar, getVersion)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2889,7 +2891,7 @@ PHP_METHOD(Phar, getVersion)
 PHP_METHOD(Phar, startBuffering)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2904,7 +2906,7 @@ PHP_METHOD(Phar, startBuffering)
 PHP_METHOD(Phar, isBuffering)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -2921,7 +2923,7 @@ PHP_METHOD(Phar, stopBuffering)
 	char *error;
 
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3156,7 +3158,7 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
 PHP_METHOD(Phar, getSignature)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3200,7 +3202,7 @@ PHP_METHOD(Phar, getSignature)
 PHP_METHOD(Phar, getModified)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3462,7 +3464,7 @@ PHP_METHOD(Phar, decompressFiles)
 {
 	char *error;
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -3983,7 +3985,7 @@ PHP_METHOD(Phar, getStub)
 	phar_entry_info *stub;
 
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4086,7 +4088,7 @@ PHP_METHOD(Phar, hasMetadata)
 PHP_METHOD(Phar, getMetadata)
 {
 	PHAR_ARCHIVE_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4544,7 +4546,7 @@ PHP_METHOD(PharFileInfo, __construct)
 	INIT_PZVAL(&arg1);
 	ZVAL_STRINGL(&arg1, fname, fname_len, 0);
 
-	zend_call_method_with_1_params(&zobj, Z_OBJCE_P(zobj), 
+	zend_call_method_with_1_params(&zobj, Z_OBJCE_P(zobj),
 		&spl_ce_SplFileInfo->constructor, "__construct", NULL, &arg1);
 }
 /* }}} */
@@ -4582,7 +4584,7 @@ PHP_METHOD(PharFileInfo, __destruct)
 PHP_METHOD(PharFileInfo, getCompressedSize)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4624,7 +4626,7 @@ PHP_METHOD(PharFileInfo, isCompressed)
 PHP_METHOD(PharFileInfo, getCRC32)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4650,7 +4652,7 @@ PHP_METHOD(PharFileInfo, getCRC32)
 PHP_METHOD(PharFileInfo, isCRCChecked)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4665,7 +4667,7 @@ PHP_METHOD(PharFileInfo, isCRCChecked)
 PHP_METHOD(PharFileInfo, getPharFlags)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4743,7 +4745,7 @@ PHP_METHOD(PharFileInfo, chmod)
 PHP_METHOD(PharFileInfo, hasMetadata)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4758,7 +4760,7 @@ PHP_METHOD(PharFileInfo, hasMetadata)
 PHP_METHOD(PharFileInfo, getMetadata)
 {
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4839,7 +4841,7 @@ PHP_METHOD(PharFileInfo, delMetadata)
 	char *error;
 
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -4897,7 +4899,7 @@ PHP_METHOD(PharFileInfo, getContent)
 	phar_entry_info *link;
 
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
@@ -5071,7 +5073,7 @@ PHP_METHOD(PharFileInfo, decompress)
 {
 	char *error;
 	PHAR_ENTRY_OBJECT();
-	
+
 	if (zend_parse_parameters_none() == FAILURE) {
 		return;
 	}
diff --git a/ext/phar/tests/bug69958.phpt b/ext/phar/tests/bug69958.phpt
new file mode 100644
index 0000000..d63b413
--- /dev/null
+++ b/ext/phar/tests/bug69958.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Phar: bug #69958: Segfault in Phar::convertToData on invalid file
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+$tarphar = new PharData(__DIR__.'/bug69958.tar');
+$phar = $tarphar->convertToData(Phar::TAR); 
+--EXPECTF--
+Fatal error: Uncaught exception 'BadMethodCallException' with message 'phar "%s/bug69958.tar" exists and must be unlinked prior to conversion' in %s/bug69958.php:%d
+Stack trace:
+#0 %s/bug69958.php(%d): PharData->convertToData(%d)
+#1 {main}
+  thrown in %s/bug69958.php on line %d
diff --git a/ext/phar/tests/bug69958.tar b/ext/phar/tests/bug69958.tar
new file mode 100644
index 0000000..0227524
Binary files /dev/null and b/ext/phar/tests/bug69958.tar differ
	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for

Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 22:01:30 2024 UTC