Fixed bugs #71317 and #71504

If there are duplicate filenames in tar, the last one wins.

5 files changed, 73 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 3938a4ed7a..d0575da9e9 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,8 @@ PHP                                                                        NEWS
 - Phar:
   . Fixed bug #71625 (Crash in php7.dll with bad phar filename).
     (Anatol)
+  . Fixed bug #71504 (Parsing of tar file with duplicate filenames causes
+    memory leak). (Jos Elstgeest)
 
 03 Mar 2016, PHP 5.6.19
 
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
index 1fcfe52756..62edcb59f1 100644
--- a/ext/phar/tar.c
+++ b/ext/phar/tar.c
@@ -500,7 +500,9 @@ bail:
 			entry.link = estrndup(hdr->linkname, linkname_len);
 		}
 		phar_set_inode(&entry TSRMLS_CC);
-		zend_hash_add(&myphar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), (void **) &newentry);
+
+		zend_hash_update(&myphar->manifest, entry.filename, entry.filename_len, (void*)&entry, sizeof(phar_entry_info), (void **) &newentry);
+		ZEND_ASSERT(newentry != NULL);
 
 		if (entry.is_persistent) {
 			++entry.manifest_pos;
diff --git a/ext/phar/tests/tar/bug71317-duplicate-filename.phpt b/ext/phar/tests/tar/bug71317-duplicate-filename.phpt
new file mode 100644
index 0000000000..bcbccab1c8
--- /dev/null
+++ b/ext/phar/tests/tar/bug71317-duplicate-filename.phpt
@@ -0,0 +1,50 @@
+--TEST--
+Bug #71317: regression in opening tar based phar files
+--SKIPIF--
+<?php if (!extension_loaded('phar')) die('skip'); ?>
+<?php if (!extension_loaded("spl")) die("skip SPL not available"); ?>
+<?php if (!extension_loaded("zlib")) die("skip zlib not available"); ?>
+--FILE--
+<?php
+include dirname(__FILE__) . '/files/tarmaker.php.inc';
+
+$testDirectory = __DIR__ . '/files/test_bug71317';
+$testTarFilename  = __DIR__ . '/files/test_bug71317.tar';
+
+$tar = new tarmaker($testTarFilename, 'none');
+$tar->init();
+$tar->addFile('file1.txt', 'file1');
+$tar->addFile('file2.txt', 'file2');
+$tar->addFile('file3.txt', 'file3');
+$tar->addFile('file4.txt', 'file4');
+$tar->addFile('file5.txt', 'file5');
+$tar->addFile('file2.txt', 'file2a');
+$tar->close();
+
+$fname = str_replace('\\', '/', $testTarFilename);
+try {
+	mkdir($testDirectory);
+	$tar = new PharData($fname);
+	$tar->extractTo($testDirectory);
+
+	$fileContent = file_get_contents($testDirectory . '/file2.txt');
+	$expectedContent = 'file2a';
+	if ($fileContent !== $expectedContent) {
+		throw new Exception(sprintf('Contents of file2.txt ("%s") is invalid, expected "%s"', $fileContent, $expectedContent));
+	}
+} catch(Exception $e) {
+	echo $e->getMessage() . "\n";
+}
+?>
+===DONE===
+--CLEAN--
+<?php
+$testDirectory = __DIR__ . '/files/test_bug71317';
+$testTarFilename  = __DIR__ . '/files/test_bug71317.tar';
+
+unlink($testTarFilename);
+array_map('unlink', glob($testDirectory . "/*.txt"));
+rmdir($testDirectory);
+?>
+--EXPECT--
+===DONE===
diff --git a/ext/phar/tests/tar/bug71504.phpt b/ext/phar/tests/tar/bug71504.phpt
new file mode 100644
index 0000000000..e85078810e
--- /dev/null
+++ b/ext/phar/tests/tar/bug71504.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #71504: Parsing of tar file with duplicate filenames causes memory leak
+--SKIPIF--
+<?php if (!extension_loaded('phar')) die('skip'); ?>
+<?php if (!extension_loaded("spl")) die("skip SPL not available"); ?>
+<?php if (!extension_loaded("zlib")) die("skip zlib not available"); ?>
+--FILE--
+<?php
+$fname = str_replace('\\', '/', dirname(__FILE__) . '/files/HTML_CSS-1.5.4.tgz');
+try {
+	$tar = new PharData($fname);
+} catch(Exception $e) {
+	echo $e->getMessage() . "\n";
+}
+?>
+===DONE===
+--EXPECT--
+===DONE===
diff --git a/ext/phar/tests/tar/files/HTML_CSS-1.5.4.tgz b/ext/phar/tests/tar/files/HTML_CSS-1.5.4.tgz
new file mode 100644
index 0000000000..d0b2313e7a
--- /dev/null
+++ b/ext/phar/tests/tar/files/HTML_CSS-1.5.4.tgz