-
-
Save smalyshev/80ba8551fb1e69f4e1ac to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 13ad4d3e971807f9a58ab5933182907dc2958539 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Wed Jan 13 16:32:29 2016 -0800 | |
Fix bug #71354 - remove UMR when size is 0 | |
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c | |
index 6d25509..e21a982 100644 | |
--- a/ext/phar/phar_object.c | |
+++ b/ext/phar/phar_object.c | |
@@ -4884,6 +4884,7 @@ PHP_METHOD(PharFileInfo, getContent) | |
phar_seek_efp(link, 0, SEEK_SET, 0, 0 TSRMLS_CC); | |
Z_TYPE_P(return_value) = IS_STRING; | |
+ Z_STRVAL_P(return_value) = NULL; | |
Z_STRLEN_P(return_value) = php_stream_copy_to_mem(fp, &(Z_STRVAL_P(return_value)), link->uncompressed_filesize, 0); | |
if (!Z_STRVAL_P(return_value)) { | |
diff --git a/ext/phar/tests/bug71354.phpt b/ext/phar/tests/bug71354.phpt | |
new file mode 100644 | |
index 0000000..43230f1 | |
--- /dev/null | |
+++ b/ext/phar/tests/bug71354.phpt | |
@@ -0,0 +1,13 @@ | |
+--TEST-- | |
+Phar: bug #71354: Heap corruption in tar/zip/phar parser. | |
+--SKIPIF-- | |
+<?php if (!extension_loaded("phar")) die("skip"); ?> | |
+--FILE-- | |
+<?php | |
+$p = new PharData(__DIR__."/bug71354.tar"); | |
+var_dump($p['aaaa']->getContent()); | |
+?> | |
+DONE | |
+--EXPECT-- | |
+string(0) "" | |
+DONE | |
\ No newline at end of file | |
diff --git a/ext/phar/tests/bug71354.tar b/ext/phar/tests/bug71354.tar | |
new file mode 100644 | |
index 0000000..b0bd992 | |
Binary files /dev/null and b/ext/phar/tests/bug71354.tar differ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment