Edit report at https://bugs.php.net/bug.php?id=60164&edit=1

 ID:                 60164
 Updated by:         s...@php.net
 Reported by:        ralph at ralphschindler dot com
 Summary:            Stubs of a specific length break phar_open_from_fp
                     scanning for __HALT_COMPILER
-Status:             Feedback
+Status:             Closed
 Type:               Bug
 Package:            PHAR related
 Operating System:   All
 PHP Version:        5.3SVN-2011-10-28 (snap)
-Assigned To:        
+Assigned To:        stas
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------
[2011-11-19 04:59:46] s...@php.net

Automatic comment from SVN on behalf of stas
Revision: http://svn.php.net/viewvc/?view=revision&revision=319538
Log: fix bug #60164 (Stubs of a specific length break phar_open_from_fp 
scanning for __HALT_COMPILER)

------------------------------------------------------------------------
[2011-11-08 04:45:13] s...@php.net

I don't see a patch attached to the bug. Could you attach it?

------------------------------------------------------------------------
[2011-10-28 19:50:36] ralph at ralphschindler dot com

This is the fix for the issue:

https://github.com/ralphschindler/php-
src/commit/5bf57e28b7090aaf0428a984b90a11d25c12b22e

I will prepare a patch for trunk/5_3/5_4 along with tests.

------------------------------------------------------------------------
[2011-10-28 19:46:37] ralph at ralphschindler dot com

Description:
------------
Stubs who's content before the __HALT_COMPILER(); registers between 1007 - 1023 
bytes (or an interval thereof) will force the function phar_open_from_fp() to 
incorrectly throw an MAPPHAR_ALLOC_FAIL() or:

Fatal error: Uncaught exception 'UnexpectedValueException' with message 
'internal 
corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in 
xxx/test.php:5

This is due to an incorrect index in the memmove() call inside the function 
that 
shifts the buffer to inspect the contents for the __HALT_COMPILER() token.

THis bug is exposed when opening a phar and iterating the contents.

Attached is a sample phar, test script, and patch

Test script:
---------------
<?php

$phar = __DIR__ . '/test.phar';

foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'test.phar')) as 
$item) {
    echo $item . PHP_EOL;
}

?>


Expected result:
----------------
Iterate the results.

Actual result:
--------------
Fatal error: Uncaught exception 'UnexpectedValueException' with message 
'internal 
corruption of phar "xxx/test.phar" (__HALT_COMPILER(); not found)' in 
xxx/test.php:5


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60164&edit=1

Reply via email to