stas Sat, 19 Nov 2011 04:59:56 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=319538
Log:
fix bug #60164 (Stubs of a specific length break phar_open_from_fp scanning for
__HALT_COMPILER)
Bug: https://bugs.php.net/60164 (Feedback) Stubs of a specific length break
phar_open_from_fp scanning for __HALT_COMPILER
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/phar/phar.c
A php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt
A php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar
A
php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc
U php/php-src/branches/PHP_5_4/ext/phar/phar.c
A php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt
A php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar
A
php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc
U php/php-src/trunk/ext/phar/phar.c
A php/php-src/trunk/ext/phar/tests/bug60164.phpt
A php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar
A php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-11-19 04:59:56 UTC (rev 319538)
@@ -42,6 +42,8 @@
- Phar:
. Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
+ . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp
+ scanning for __HALT_COMPILER). (Ralph Schindler)
- Postgres:
. Fixed bug #60244 (pg_fetch_* functions do not validate that row param
Modified: php/php-src/branches/PHP_5_3/ext/phar/phar.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/phar.c 2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/branches/PHP_5_3/ext/phar/phar.c 2011-11-19 04:59:56 UTC (rev 319538)
@@ -1569,7 +1569,9 @@
const char zip_magic[] = "PK\x03\x04";
const char gz_magic[] = "\x1f\x8b\x08";
const char bz_magic[] = "BZh";
- char *pos, buffer[1024 + sizeof(token)], test = '\0';
+ char *pos, test = '\0';
+ const int window_size = 1024;
+ char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
const long readsize = sizeof(buffer) - sizeof(token);
const long tokenlen = sizeof(token) - 1;
long halt_offset;
@@ -1717,7 +1719,7 @@
}
halt_offset += got;
- memmove(buffer, buffer + tokenlen, got + 1);
+ memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */
}
MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)")
Added: php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/phar/tests/bug60164.phpt 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+--TEST--
+Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php
+--SKIPIF--
+<?php
+if (!extension_loaded("phar")) die("skip");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$phar = __DIR__ . '/files/stuboflength1041.phar';
+foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) {
+ var_dump($item->getFileName());
+}
+?>
+===DONE===
+--EXPECT--
+string(5) "a.php"
+string(5) "b.php"
+===DONE===
\ No newline at end of file
Added: php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,14 @@
+<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER(); ?>
+T�������������������������a.php�������N����^�d\������������b.php�������N������mŶ�������hi1hi2�,�����'��e�:��İ7������GBMB
\ No newline at end of file
Added: php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc
===================================================================
--- php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/phar/tests/files/stuboflength1041.phar.inc 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,42 @@
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
\ No newline at end of file
Modified: php/php-src/branches/PHP_5_4/ext/phar/phar.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/phar.c 2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/branches/PHP_5_4/ext/phar/phar.c 2011-11-19 04:59:56 UTC (rev 319538)
@@ -1569,7 +1569,9 @@
const char zip_magic[] = "PK\x03\x04";
const char gz_magic[] = "\x1f\x8b\x08";
const char bz_magic[] = "BZh";
- char *pos, buffer[1024 + sizeof(token)], test = '\0';
+ char *pos, test = '\0';
+ const int window_size = 1024;
+ char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
const long readsize = sizeof(buffer) - sizeof(token);
const long tokenlen = sizeof(token) - 1;
long halt_offset;
@@ -1717,7 +1719,7 @@
}
halt_offset += got;
- memmove(buffer, buffer + tokenlen, got + 1);
+ memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */
}
MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)")
Added: php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/phar/tests/bug60164.phpt 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+--TEST--
+Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php
+--SKIPIF--
+<?php
+if (!extension_loaded("phar")) die("skip");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$phar = __DIR__ . '/files/stuboflength1041.phar';
+foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) {
+ var_dump($item->getFileName());
+}
+?>
+===DONE===
+--EXPECT--
+string(5) "a.php"
+string(5) "b.php"
+===DONE===
\ No newline at end of file
Added: php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,14 @@
+<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER(); ?>
+T�������������������������a.php�������N����^�d\������������b.php�������N������mŶ�������hi1hi2�,�����'��e�:��İ7������GBMB
\ No newline at end of file
Added: php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc
===================================================================
--- php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/phar/tests/files/stuboflength1041.phar.inc 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
\ No newline at end of file
Modified: php/php-src/trunk/ext/phar/phar.c
===================================================================
--- php/php-src/trunk/ext/phar/phar.c 2011-11-19 04:52:06 UTC (rev 319537)
+++ php/php-src/trunk/ext/phar/phar.c 2011-11-19 04:59:56 UTC (rev 319538)
@@ -1569,7 +1569,9 @@
const char zip_magic[] = "PK\x03\x04";
const char gz_magic[] = "\x1f\x8b\x08";
const char bz_magic[] = "BZh";
- char *pos, buffer[1024 + sizeof(token)], test = '\0';
+ char *pos, test = '\0';
+ const int window_size = 1024;
+ char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
const long readsize = sizeof(buffer) - sizeof(token);
const long tokenlen = sizeof(token) - 1;
long halt_offset;
@@ -1717,7 +1719,7 @@
}
halt_offset += got;
- memmove(buffer, buffer + tokenlen, got + 1);
+ memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */
}
MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)")
Added: php/php-src/trunk/ext/phar/tests/bug60164.phpt
===================================================================
--- php/php-src/trunk/ext/phar/tests/bug60164.phpt (rev 0)
+++ php/php-src/trunk/ext/phar/tests/bug60164.phpt 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+--TEST--
+Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php
+--SKIPIF--
+<?php
+if (!extension_loaded("phar")) die("skip");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$phar = __DIR__ . '/files/stuboflength1041.phar';
+foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) {
+ var_dump($item->getFileName());
+}
+?>
+===DONE===
+--EXPECT--
+string(5) "a.php"
+string(5) "b.php"
+===DONE===
\ No newline at end of file
Added: php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar
===================================================================
--- php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar (rev 0)
+++ php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,14 @@
+<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER(); ?>
+T�������������������������a.php�������N����^�d\������������b.php�������N������mŶ�������hi1hi2�,�����'��e�:��İ7������GBMB
\ No newline at end of file
Added: php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc
===================================================================
--- php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc (rev 0)
+++ php/php-src/trunk/ext/phar/tests/files/stuboflength1041.phar.inc 2011-11-19 04:59:56 UTC (rev 319538)
@@ -0,0 +1,21 @@
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
\ No newline at end of file
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
