From:
Operating system: All
PHP version: 5.3SVN-2011-10-28 (snap)
Package: PHAR related
Bug Type: Bug
Bug description:Stubs of a specific length break phar_open_from_fp scanning for
__HALT_COMPILER
Description:
------------
Stubs who's content before the __HALT_COMPILER(); registers between 1007 -
1023
bytes (or an interval thereof) will force the function phar_open_from_fp()
to
incorrectly throw an MAPPHAR_ALLOC_FAIL() or:
Fatal error: Uncaught exception 'UnexpectedValueException' with message
'internal
corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in
xxx/test.php:5
This is due to an incorrect index in the memmove() call inside the function
that
shifts the buffer to inspect the contents for the __HALT_COMPILER() token.
THis bug is exposed when opening a phar and iterating the contents.
Attached is a sample phar, test script, and patch
Test script:
---------------
<?php
$phar = __DIR__ . '/test.phar';
foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'test.phar'))
as $item) {
echo $item . PHP_EOL;
}
?>
Expected result:
----------------
Iterate the results.
Actual result:
--------------
Fatal error: Uncaught exception 'UnexpectedValueException' with message
'internal
corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in
xxx/test.php:5
--
Edit bug report at https://bugs.php.net/bug.php?id=60164&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=60164&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=60164&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=60164&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=60164&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=60164&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=60164&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=60164&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=60164&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=60164&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=60164&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=60164&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=60164&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=60164&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=60164&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=60164&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=60164&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=60164&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=60164&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=60164&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=60164&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=60164&r=mysqlcfg
