cellog Sat Oct 11 19:12:11 2008 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS /php-src/ext/zlib zlib_filter.c /php-src/ext/bz2 bz2_filter.c Log: fix Bug #46026: bz2.decompress/zlib.inflate filter tries to decompress after end of stream http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1251&r2=1.2027.2.547.2.1252&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1251 php-src/NEWS:1.2027.2.547.2.1252 --- php-src/NEWS:1.2027.2.547.2.1251 Fri Oct 10 16:49:26 2008 +++ php-src/NEWS Sat Oct 11 19:12:11 2008 @@ -5,6 +5,8 @@ and $this->$method()). (Dmitry) - Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE). (chsc at peytz dot dk, Felipe) +- Fixed bug #46026 (bzip2.decompress/zlib.inflate filter tries to decompress + after end of stream). (Keisial at gmail dot com, Greg) - Fixed bug #44251, #41125 (PDO + quote() + prepare() can result in seg fault). (tsteiner at nerdclub dot net) http://cvs.php.net/viewvc.cgi/php-src/ext/zlib/zlib_filter.c?r1=1.6.2.2.2.11&r2=1.6.2.2.2.12&diff_format=u Index: php-src/ext/zlib/zlib_filter.c diff -u php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.11 php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.12 --- php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.11 Tue Feb 12 23:29:18 2008 +++ php-src/ext/zlib/zlib_filter.c Sat Oct 11 19:12:11 2008 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zlib_filter.c,v 1.6.2.2.2.11 2008/02/12 23:29:18 cellog Exp $ */ +/* $Id: zlib_filter.c,v 1.6.2.2.2.12 2008/10/11 19:12:11 cellog Exp $ */ #include "php.h" #include "php_zlib.h" @@ -31,6 +31,7 @@ size_t inbuf_len; char *outbuf; size_t outbuf_len; + zend_bool finished; } php_zlib_filter_data; /* }}} */ @@ -81,6 +82,12 @@ bucket = php_stream_bucket_make_writeable(buckets_in->head TSRMLS_CC); while (bin < bucket->buflen) { + + if (data->finished) { + consumed += bucket->buflen; + break; + } + desired = bucket->buflen - bin; if (desired > data->inbuf_len) { desired = data->inbuf_len; @@ -89,7 +96,10 @@ data->strm.avail_in = desired; status = inflate(&(data->strm), flags & PSFS_FLAG_FLUSH_CLOSE ? Z_FINISH : Z_SYNC_FLUSH); - if (status != Z_OK && status != Z_STREAM_END) { + if (status == Z_STREAM_END) { + inflateEnd(&(data->strm)); + data->finished = '\1'; + } else if (status != Z_OK) { /* Something bad happened */ php_stream_bucket_delref(bucket TSRMLS_CC); return PSFS_ERR_FATAL; @@ -118,7 +128,7 @@ php_stream_bucket_delref(bucket TSRMLS_CC); } - if (flags & PSFS_FLAG_FLUSH_CLOSE) { + if (!data->finished && flags & PSFS_FLAG_FLUSH_CLOSE) { /* Spit it out! */ status = Z_OK; while (status == Z_OK) { @@ -146,7 +156,9 @@ { if (thisfilter && thisfilter->abstract) { php_zlib_filter_data *data = thisfilter->abstract; - inflateEnd(&(data->strm)); + if (!data->finished) { + inflateEnd(&(data->strm)); + } pefree(data->inbuf, data->persistent); pefree(data->outbuf, data->persistent); pefree(data, data->persistent); @@ -330,6 +342,7 @@ } /* RFC 1951 Inflate */ + data->finished = '\0'; status = inflateInit2(&(data->strm), windowBits); fops = &php_zlib_inflate_ops; } else if (strcasecmp(filtername, "zlib.deflate") == 0) { http://cvs.php.net/viewvc.cgi/php-src/ext/bz2/bz2_filter.c?r1=1.3.2.2.2.9&r2=1.3.2.2.2.10&diff_format=u Index: php-src/ext/bz2/bz2_filter.c diff -u php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.9 php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.10 --- php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.9 Sat Jan 12 22:04:03 2008 +++ php-src/ext/bz2/bz2_filter.c Sat Oct 11 19:12:11 2008 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: bz2_filter.c,v 1.3.2.2.2.9 2008/01/12 22:04:03 cellog Exp $ */ +/* $Id: bz2_filter.c,v 1.3.2.2.2.10 2008/10/11 19:12:11 cellog Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -34,6 +34,7 @@ size_t inbuf_len; char *outbuf; size_t outbuf_len; + zend_bool finished; } php_bz2_filter_data; /* }}} */ @@ -82,6 +83,11 @@ bucket = php_stream_bucket_make_writeable(buckets_in->head TSRMLS_CC); while (bin < bucket->buflen) { + if (data->finished) { + consumed += bucket->buflen; + break; + } + desired = bucket->buflen - bin; if (desired > data->inbuf_len) { desired = data->inbuf_len; @@ -90,7 +96,11 @@ data->strm.avail_in = desired; status = BZ2_bzDecompress(&(data->strm)); - if (status != BZ_OK && status != BZ_STREAM_END) { + + if (status == BZ_STREAM_END) { + BZ2_bzDecompressEnd(&(data->strm)); + data->finished = '\1'; + } else if (status != BZ_OK) { /* Something bad happened */ php_stream_bucket_delref(bucket TSRMLS_CC); return PSFS_ERR_FATAL; @@ -115,10 +125,11 @@ return PSFS_PASS_ON; } } + php_stream_bucket_delref(bucket TSRMLS_CC); } - if (flags & PSFS_FLAG_FLUSH_CLOSE) { + if (!data->finished && (flags & PSFS_FLAG_FLUSH_CLOSE)) { /* Spit it out! */ status = BZ_OK; while (status == BZ_OK) { @@ -148,7 +159,9 @@ { if (thisfilter && thisfilter->abstract) { php_bz2_filter_data *data = thisfilter->abstract; - BZ2_bzDecompressEnd(&(data->strm)); + if (!data->finished) { + BZ2_bzDecompressEnd(&(data->strm)); + } pefree(data->inbuf, data->persistent); pefree(data->outbuf, data->persistent); pefree(data, data->persistent); @@ -327,6 +340,7 @@ } status = BZ2_bzDecompressInit(&(data->strm), 0, smallFootprint); + data->finished = '\0'; fops = &php_bz2_decompress_ops; } else if (strcasecmp(filtername, "bzip2.compress") == 0) { int blockSize100k = PHP_BZ2_FILTER_DEFAULT_BLOCKSIZE;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php