diff options
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/phar/phar.c | 6 | ||||
| -rw-r--r-- | ext/phar/tests/bug60164.phpt | 21 | ||||
| -rw-r--r-- | ext/phar/tests/files/stuboflength1041.phar | bin | 0 -> 1168 bytes | |||
| -rw-r--r-- | ext/phar/tests/files/stuboflength1041.phar.inc | 42 |
4 files changed, 67 insertions, 2 deletions
diff --git a/ext/phar/phar.c b/ext/phar/phar.c index 24d8c428af..e201ca50d0 100644 --- a/ext/phar/phar.c +++ b/ext/phar/phar.c @@ -1569,7 +1569,9 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a const char zip_magic[] = "PK\x03\x04"; const char gz_magic[] = "\x1f\x8b\x08"; const char bz_magic[] = "BZh"; - char *pos, buffer[1024 + sizeof(token)], test = '\0'; + char *pos, test = '\0'; + const int window_size = 1024; + char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */ const long readsize = sizeof(buffer) - sizeof(token); const long tokenlen = sizeof(token) - 1; long halt_offset; @@ -1717,7 +1719,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a } halt_offset += got; - memmove(buffer, buffer + tokenlen, got + 1); + memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */ } MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)") diff --git a/ext/phar/tests/bug60164.phpt b/ext/phar/tests/bug60164.phpt new file mode 100644 index 0000000000..8fd5de5146 --- /dev/null +++ b/ext/phar/tests/bug60164.phpt @@ -0,0 +1,21 @@ +--TEST-- +Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php +--SKIPIF-- +<?php +if (!extension_loaded("phar")) die("skip"); +?> +--INI-- +phar.require_hash=0 +phar.readonly=0 +--FILE-- +<?php +$phar = __DIR__ . '/files/stuboflength1041.phar'; +foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) { + var_dump($item->getFileName()); +} +?> +===DONE=== +--EXPECT-- +string(5) "a.php" +string(5) "b.php" +===DONE===
\ No newline at end of file diff --git a/ext/phar/tests/files/stuboflength1041.phar b/ext/phar/tests/files/stuboflength1041.phar Binary files differnew file mode 100644 index 0000000000..d90fb8f10d --- /dev/null +++ b/ext/phar/tests/files/stuboflength1041.phar diff --git a/ext/phar/tests/files/stuboflength1041.phar.inc b/ext/phar/tests/files/stuboflength1041.phar.inc new file mode 100644 index 0000000000..4a26a41a09 --- /dev/null +++ b/ext/phar/tests/files/stuboflength1041.phar.inc @@ -0,0 +1,42 @@ +<?php + +@unlink(__DIR__ . '/stuboflength1041.phar'); + +$phar = new Phar('./stuboflength1041.phar'); +$phar['a.php'] = 'hi1'; +$phar['b.php'] = 'hi2'; + +$phar->setStub('<?php +/***stub of length 1041 including the halt compiler********************************************* +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +*********************************************/ +__HALT_COMPILER();'); +<?php + +@unlink(__DIR__ . '/stuboflength1041.phar'); + +$phar = new Phar('./stuboflength1041.phar'); +$phar['a.php'] = 'hi1'; +$phar['b.php'] = 'hi2'; + +$phar->setStub('<?php +/***stub of length 1041 including the halt compiler********************************************* +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +************************************************************************************************ +*********************************************/ +__HALT_COMPILER();');
\ No newline at end of file |