diff options
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | ext/phar/tar.c | 8 | ||||
-rw-r--r-- | ext/phar/tests/bug79503.phar | bin | 0 -> 4001 bytes | |||
-rw-r--r-- | ext/phar/tests/bug79503.phpt | 16 |
4 files changed, 28 insertions, 1 deletions
@@ -26,9 +26,12 @@ PHP NEWS . Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout). (Joe Cai) -PCRE: +- PCRE: . Upgraded to PCRE2 10.34. (cmb) +- Phar: + . Fixed bug #79503 (Memory leak on duplicate metadata). (cmb) + - SPL: . Fixed bug #69264 (__debugInfo() ignored while extending SPL classes). (cmb) . Fixed bug #67369 (ArrayObject serialization drops the iterator class). diff --git a/ext/phar/tar.c b/ext/phar/tar.c index d1b19ee586..773bdbca70 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -181,9 +181,17 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp) /* } if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) { + if (Z_TYPE(entry->phar->metadata) != IS_UNDEF) { + efree(metadata); + return FAILURE; + } entry->phar->metadata = entry->metadata; ZVAL_UNDEF(&entry->metadata); } else if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && NULL != (mentry = zend_hash_str_find_ptr(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1)))) { + if (Z_TYPE(mentry->metadata) != IS_UNDEF) { + efree(metadata); + return FAILURE; + } /* transfer this metadata to the entry it refers */ mentry->metadata = entry->metadata; ZVAL_UNDEF(&entry->metadata); diff --git a/ext/phar/tests/bug79503.phar b/ext/phar/tests/bug79503.phar Binary files differnew file mode 100644 index 0000000000..d378c6f3df --- /dev/null +++ b/ext/phar/tests/bug79503.phar diff --git a/ext/phar/tests/bug79503.phpt b/ext/phar/tests/bug79503.phpt new file mode 100644 index 0000000000..874330fac7 --- /dev/null +++ b/ext/phar/tests/bug79503.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #79503 (Memory leak on duplicate metadata) +--SKIPIF-- +<?php +if (!extension_loaded('phar')) die('skip phar extension not available'); +?> +--FILE-- +<?php +try { + new Phar(__DIR__ . '/bug79503.phar'); +} catch (UnexpectedValueException $ex) { + echo $ex->getMessage(); +} +?> +--EXPECTF-- +phar error: tar-based phar "%s%ebug79503.phar" has invalid metadata in magic file ".phar/.metadata.bin" |