diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-14 17:04:24 +0200 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2020-08-02 15:31:29 -0700 |
commit | 7355ab81763a3d6a04ac11660e6a16d58838d187 (patch) | |
tree | 94d97f2d0e47474a487f88c1fb04dc34e8bf94d8 | |
parent | c68d48de9e1b6b6657d11da308f8b4059ad486dd (diff) | |
download | php-git-7355ab81763a3d6a04ac11660e6a16d58838d187.tar.gz |
Fix #79797: Use of freed hash key in the phar_parse_zipfile function
We must not use heap memory after we freed it.
-rw-r--r-- | ext/phar/tests/bug79797.phar | bin | 0 -> 274 bytes | |||
-rw-r--r-- | ext/phar/tests/bug79797.phpt | 14 | ||||
-rw-r--r-- | ext/phar/zip.c | 2 |
3 files changed, 15 insertions, 1 deletions
diff --git a/ext/phar/tests/bug79797.phar b/ext/phar/tests/bug79797.phar Binary files differnew file mode 100644 index 0000000000..21d43d9eeb --- /dev/null +++ b/ext/phar/tests/bug79797.phar diff --git a/ext/phar/tests/bug79797.phpt b/ext/phar/tests/bug79797.phpt new file mode 100644 index 0000000000..761e5379e0 --- /dev/null +++ b/ext/phar/tests/bug79797.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #79797 (Use of freed hash key in the phar_parse_zipfile function) +--SKIPIF-- +<?php +if (!extension_loaded('phar')) die('skip phar extension not available'); +?> +--INI-- +phar.cache_list={PWD}/bug79797.phar +--FILE-- +<?php +echo "done\n"; +?> +--EXPECT-- +done diff --git a/ext/phar/zip.c b/ext/phar/zip.c index d615e8adda..50c5d69e9b 100644 --- a/ext/phar/zip.c +++ b/ext/phar/zip.c @@ -703,7 +703,7 @@ foundit: efree(actual_alias); } - zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata); + zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), mydata->alias, mydata->alias_len, mydata); } else { phar_archive_data *fd_ptr; |