author | Stanislav Malyshev <stas@php.net> | 2016-09-12 21:09:30 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-09-12 21:09:30 -0700 |
commit | 07c6bdb85d3efe21598ebb8af6fcebceb9d486e9 (patch) | |
tree | 0fb02e7c08ec0b50791020ac862fc56e1f475135 /ext/phar/zip.c | |
parent | 2d8ab51576695630a7471ff829cc5ea10becdc0f (diff) | |
parent | c984661d39cfa4db1dd97fde1f59c77a44991440 (diff) | |
download | php-git-07c6bdb85d3efe21598ebb8af6fcebceb9d486e9.tar.gz |
Merge branch 'PHP-7.0.11' into PHP-7.0
* PHP-7.0.11: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7aabf3c36ab7c2724a436f976cdd165 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
Diffstat (limited to 'ext/phar/zip.c')
-rw-r--r-- | ext/phar/zip.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/phar/zip.c b/ext/phar/zip.c index 73a11870aa..a29a75d212 100644 --- a/ext/phar/zip.c +++ b/ext/phar/zip.c @@ -418,7 +418,7 @@ foundit: php_stream_seek(fp, sizeof(phar_zip_file_header) + entry.header_offset + entry.filename_len + PHAR_GET_16(zipentry.extra_len), SEEK_SET); sig = (char *) emalloc(entry.uncompressed_filesize); read = php_stream_read(fp, sig, entry.uncompressed_filesize); - if (read != entry.uncompressed_filesize) { + if (read != entry.uncompressed_filesize || read <= 8) { php_stream_close(sigfile); efree(sig); PHAR_ZIP_FAIL("signature cannot be read"); |
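Review bot: The new `read <= 8` bound in `if (read != entry.uncompressed_filesize || read <= 8)` is a bare magic number, and nothing in this hunk says which fixed-size part of the signature those 8 bytes correspond to. A named constant or a one-line comment would make the minimum-length requirement reviewable. The length is also known before the read. Testing `entry.uncompressed_filesize` against the same minimum ahead of `emalloc(entry.uncompressed_filesize)` would reject an undersized signature entry without allocating or reading. It would also let the failure path report a too-short signature separately, instead of reusing "signature cannot be read" for both a short read and an undersized entry.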