diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-14 17:04:24 +0200 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2020-08-03 01:10:22 -0700 |
| commit | 775385df0e954f8cf9b5046bebc8e40ce26e601b (patch) | |
| tree | 14dd8dfd6fd21aeda0b7676cf103d802a668375a | |
| parent | 24495ba7780b0656a753678c6337d7a479d35ed3 (diff) | |
| download | php-git-775385df0e954f8cf9b5046bebc8e40ce26e601b.tar.gz | |
Fix #79797: Use of freed hash key in the phar_parse_zipfile function
We must not use heap memory after we freed it.
| -rw-r--r-- | ext/phar/tests/bug79797.phar | bin | 0 -> 274 bytes | |||
| -rw-r--r-- | ext/phar/tests/bug79797.phpt | 14 | ||||
| -rw-r--r-- | ext/phar/zip.c | 2 |
3 files changed, 15 insertions, 1 deletions
diff --git a/ext/phar/tests/bug79797.phar b/ext/phar/tests/bug79797.phar Binary files differnew file mode 100644 index 0000000000..21d43d9eeb --- /dev/null +++ b/ext/phar/tests/bug79797.phar diff --git a/ext/phar/tests/bug79797.phpt b/ext/phar/tests/bug79797.phpt new file mode 100644 index 0000000000..761e5379e0 --- /dev/null +++ b/ext/phar/tests/bug79797.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #79797 (Use of freed hash key in the phar_parse_zipfile function) +--SKIPIF-- +<?php +if (!extension_loaded('phar')) die('skip phar extension not available'); +?> +--INI-- +phar.cache_list={PWD}/bug79797.phar +--FILE-- +<?php +echo "done\n"; +?> +--EXPECT-- +done diff --git a/ext/phar/zip.c b/ext/phar/zip.c index e086354b11..b241c0589b 100644 --- a/ext/phar/zip.c +++ b/ext/phar/zip.c @@ -712,7 +712,7 @@ foundit: efree(actual_alias); } - zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata); + zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), mydata->alias, mydata->alias_len, mydata); } else { phar_archive_data *fd_ptr; |