Edit report at https://bugs.php.net/bug.php?id=60164&edit=1
ID: 60164
Updated by: s...@php.net
Reported by: ralph at ralphschindler dot com
Summary: Stubs of a specific length break phar_open_from_fp
scanning for __HALT_COMPILER
-Status: Feedback
+Status: Closed
Type: Bug
Package: PHAR related
Operating System: All
PHP Version: 5.3SVN-2011-10-28 (snap)
-Assigned To:
+Assigned To: stas
Block user comment: N
Private report: N
New Comment:
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
For Windows:
http://windows.php.net/snapshots/
Thank you for the report, and for helping us make PHP better.
Previous Comments:
------------------------------------------------------------------------
[2011-11-19 04:59:46] s...@php.net
Automatic comment from SVN on behalf of stas
Revision: http://svn.php.net/viewvc/?view=revision&revision=319538
Log: fix bug #60164 (Stubs of a specific length break phar_open_from_fp
scanning for __HALT_COMPILER)
------------------------------------------------------------------------
[2011-11-08 04:45:13] s...@php.net
I don't see a patch attached to the bug. Could you attach it?
------------------------------------------------------------------------
[2011-10-28 19:50:36] ralph at ralphschindler dot com
This is the fix for the issue:
https://github.com/ralphschindler/php-
src/commit/5bf57e28b7090aaf0428a984b90a11d25c12b22e
I will prepare a patch for trunk/5_3/5_4 along with tests.
------------------------------------------------------------------------
[2011-10-28 19:46:37] ralph at ralphschindler dot com
Description:
------------
Stubs who's content before the __HALT_COMPILER(); registers between 1007 - 1023
bytes (or an interval thereof) will force the function phar_open_from_fp() to
incorrectly throw an MAPPHAR_ALLOC_FAIL() or:
Fatal error: Uncaught exception 'UnexpectedValueException' with message
'internal
corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in
xxx/test.php:5
This is due to an incorrect index in the memmove() call inside the function
that
shifts the buffer to inspect the contents for the __HALT_COMPILER() token.
THis bug is exposed when opening a phar and iterating the contents.
Attached is a sample phar, test script, and patch
Test script:
---------------
<?php
$phar = __DIR__ . '/test.phar';
foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'test.phar')) as
$item) {
echo $item . PHP_EOL;
}
?>
Expected result:
----------------
Iterate the results.
Actual result:
--------------
Fatal error: Uncaught exception 'UnexpectedValueException' with message
'internal
corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in
xxx/test.php:5
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=60164&edit=1
