summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ext/phar/phar_object.c1
-rw-r--r--ext/phar/tests/bug71354.phpt13
-rw-r--r--ext/phar/tests/bug71354.tarbin0 -> 1536 bytes
3 files changed, 14 insertions, 0 deletions
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 6d25509cdf..e21a9829e3 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -4884,6 +4884,7 @@ PHP_METHOD(PharFileInfo, getContent)
phar_seek_efp(link, 0, SEEK_SET, 0, 0 TSRMLS_CC);
Z_TYPE_P(return_value) = IS_STRING;
+ Z_STRVAL_P(return_value) = NULL;
Z_STRLEN_P(return_value) = php_stream_copy_to_mem(fp, &(Z_STRVAL_P(return_value)), link->uncompressed_filesize, 0);
if (!Z_STRVAL_P(return_value)) {
diff --git a/ext/phar/tests/bug71354.phpt b/ext/phar/tests/bug71354.phpt
new file mode 100644
index 0000000000..43230f1520
--- /dev/null
+++ b/ext/phar/tests/bug71354.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Phar: bug #71354: Heap corruption in tar/zip/phar parser.
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+$p = new PharData(__DIR__."/bug71354.tar");
+var_dump($p['aaaa']->getContent());
+?>
+DONE
+--EXPECT--
+string(0) ""
+DONE \ No newline at end of file
diff --git a/ext/phar/tests/bug71354.tar b/ext/phar/tests/bug71354.tar
new file mode 100644
index 0000000000..b0bd992b9e
--- /dev/null
+++ b/ext/phar/tests/bug71354.tar
Binary files differ
View Lorry Controller Status