Edit report at https://bugs.php.net/bug.php?id=60164&edit=1
ID: 60164 Updated by: s...@php.net Reported by: ralph at ralphschindler dot com Summary: Stubs of a specific length break phar_open_from_fp scanning for __HALT_COMPILER -Status: Feedback +Status: Closed Type: Bug Package: PHAR related Operating System: All PHP Version: 5.3SVN-2011-10-28 (snap) -Assigned To: +Assigned To: stas Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2011-11-19 04:59:46] s...@php.net Automatic comment from SVN on behalf of stas Revision: http://svn.php.net/viewvc/?view=revision&revision=319538 Log: fix bug #60164 (Stubs of a specific length break phar_open_from_fp scanning for __HALT_COMPILER) ------------------------------------------------------------------------ [2011-11-08 04:45:13] s...@php.net I don't see a patch attached to the bug. Could you attach it? ------------------------------------------------------------------------ [2011-10-28 19:50:36] ralph at ralphschindler dot com This is the fix for the issue: https://github.com/ralphschindler/php- src/commit/5bf57e28b7090aaf0428a984b90a11d25c12b22e I will prepare a patch for trunk/5_3/5_4 along with tests. ------------------------------------------------------------------------ [2011-10-28 19:46:37] ralph at ralphschindler dot com Description: ------------ Stubs who's content before the __HALT_COMPILER(); registers between 1007 - 1023 bytes (or an interval thereof) will force the function phar_open_from_fp() to incorrectly throw an MAPPHAR_ALLOC_FAIL() or: Fatal error: Uncaught exception 'UnexpectedValueException' with message 'internal corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in xxx/test.php:5 This is due to an incorrect index in the memmove() call inside the function that shifts the buffer to inspect the contents for the __HALT_COMPILER() token. THis bug is exposed when opening a phar and iterating the contents. Attached is a sample phar, test script, and patch Test script: --------------- <?php $phar = __DIR__ . '/test.phar'; foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'test.phar')) as $item) { echo $item . PHP_EOL; } ?> Expected result: ---------------- Iterate the results. Actual result: -------------- Fatal error: Uncaught exception 'UnexpectedValueException' with message 'internal corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in xxx/test.php:5 ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=60164&edit=1