diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-22 15:08:13 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-22 15:08:50 +0200 |
commit | c705079b12984dab1901a32b4a0609f2ab8f449a (patch) | |
tree | b959d787ecc1d5b63fb5c375731450150ba291f3 | |
parent | a1a044dcc74379fafb2b63db5ab033aa062aada7 (diff) | |
parent | ccca2c448df35ac457eeef11fb7f0d604de3e5f9 (diff) | |
download | php-git-c705079b12984dab1901a32b4a0609f2ab8f449a.tar.gz |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #79503: Memory leak on duplicate metadata
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | ext/phar/tar.c | 8 | ||||
-rw-r--r-- | ext/phar/tests/bug79503.phar | bin | 0 -> 4001 bytes | |||
-rw-r--r-- | ext/phar/tests/bug79503.phpt | 16 |
4 files changed, 28 insertions, 1 deletions
@@ -26,9 +26,12 @@ PHP NEWS . Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout). (Joe Cai) -PCRE: +- PCRE: . Upgraded to PCRE2 10.34. (cmb) +- Phar: + . Fixed bug #79503 (Memory leak on duplicate metadata). (cmb) + - SPL: . Fixed bug #69264 (__debugInfo() ignored while extending SPL classes). (cmb) . Fixed bug #67369 (ArrayObject serialization drops the iterator class). diff --git a/ext/phar/tar.c b/ext/phar/tar.c index d1b19ee586..773bdbca70 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -181,9 +181,17 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp) /* } if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) { + if (Z_TYPE(entry->phar->metadata) != IS_UNDEF) { + efree(metadata); + return FAILURE; + } entry->phar->metadata = entry->metadata; ZVAL_UNDEF(&entry->metadata); } else if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && NULL != (mentry = zend_hash_str_find_ptr(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1)))) { + if (Z_TYPE(mentry->metadata) != IS_UNDEF) { + efree(metadata); + return FAILURE; + } /* transfer this metadata to the entry it refers */ mentry->metadata = entry->metadata; ZVAL_UNDEF(&entry->metadata); diff --git a/ext/phar/tests/bug79503.phar b/ext/phar/tests/bug79503.phar Binary files differnew file mode 100644 index 0000000000..d378c6f3df --- /dev/null +++ b/ext/phar/tests/bug79503.phar diff --git a/ext/phar/tests/bug79503.phpt b/ext/phar/tests/bug79503.phpt new file mode 100644 index 0000000000..874330fac7 --- /dev/null +++ b/ext/phar/tests/bug79503.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #79503 (Memory leak on duplicate metadata) +--SKIPIF-- +<?php +if (!extension_loaded('phar')) die('skip phar extension not available'); +?> +--FILE-- +<?php +try { + new Phar(__DIR__ . '/bug79503.phar'); +} catch (UnexpectedValueException $ex) { + echo $ex->getMessage(); +} +?> +--EXPECTF-- +phar error: tar-based phar "%s%ebug79503.phar" has invalid metadata in magic file ".phar/.metadata.bin" |