fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)

3 files changed, 25 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 7a52ee4e75..032190a355 100644
--- a/NEWS
+++ b/NEWS
@@ -154,6 +154,8 @@
   . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at
     gmail dot com, Gustavo)
   . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
+  . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
+    (Stas, Maksymilian Arciemowicz).
 
 06 Jan 2011, PHP 5.3.5
 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, 
diff --git a/ext/zip/lib/zip_name_locate.c b/ext/zip/lib/zip_name_locate.c
index e8b35ff936..96c4f937e0 100644
--- a/ext/zip/lib/zip_name_locate.c
+++ b/ext/zip/lib/zip_name_locate.c
@@ -60,6 +60,10 @@ _zip_name_locate(struct zip *za, const char *fname, int flags,
 	return -1;
     }
 
+    if((flags & ZIP_FL_UNCHANGED)  && !za->cdir) {
+    	return -1;
+    }
+
     cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;
 
     n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
diff --git a/ext/zip/tests/bug53885.phpt b/ext/zip/tests/bug53885.phpt
new file mode 100644
index 0000000000..d59bf8f034
--- /dev/null
+++ b/ext/zip/tests/bug53885.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
+--SKIPIF--
+<?php
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+$fname = dirname(__FILE__)."/test53885.zip";
+if(file_exists($fname)) unlink($fname);
+touch($fname);
+$nx=new ZipArchive();
+$nx->open($fname);
+$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED);
+$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);
+?>
+==DONE==
+--EXPECTF--
+==DONE==