cellog Sat Oct 11 19:12:11 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src NEWS
/php-src/ext/zlib zlib_filter.c
/php-src/ext/bz2 bz2_filter.c
Log:
fix Bug #46026: bz2.decompress/zlib.inflate filter tries to decompress after
end of stream
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1251&r2=1.2027.2.547.2.1252&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1251 php-src/NEWS:1.2027.2.547.2.1252
--- php-src/NEWS:1.2027.2.547.2.1251 Fri Oct 10 16:49:26 2008
+++ php-src/NEWS Sat Oct 11 19:12:11 2008
@@ -5,6 +5,8 @@
and $this->$method()). (Dmitry)
- Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE).
(chsc at peytz dot dk, Felipe)
+- Fixed bug #46026 (bzip2.decompress/zlib.inflate filter tries to decompress
+ after end of stream). (Keisial at gmail dot com, Greg)
- Fixed bug #44251, #41125 (PDO + quote() + prepare() can result in seg fault).
(tsteiner at nerdclub dot net)
http://cvs.php.net/viewvc.cgi/php-src/ext/zlib/zlib_filter.c?r1=1.6.2.2.2.11&r2=1.6.2.2.2.12&diff_format=u
Index: php-src/ext/zlib/zlib_filter.c
diff -u php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.11
php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.12
--- php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.11 Tue Feb 12 23:29:18 2008
+++ php-src/ext/zlib/zlib_filter.c Sat Oct 11 19:12:11 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zlib_filter.c,v 1.6.2.2.2.11 2008/02/12 23:29:18 cellog Exp $ */
+/* $Id: zlib_filter.c,v 1.6.2.2.2.12 2008/10/11 19:12:11 cellog Exp $ */
#include "php.h"
#include "php_zlib.h"
@@ -31,6 +31,7 @@
size_t inbuf_len;
char *outbuf;
size_t outbuf_len;
+ zend_bool finished;
} php_zlib_filter_data;
/* }}} */
@@ -81,6 +82,12 @@
bucket = php_stream_bucket_make_writeable(buckets_in->head
TSRMLS_CC);
while (bin < bucket->buflen) {
+
+ if (data->finished) {
+ consumed += bucket->buflen;
+ break;
+ }
+
desired = bucket->buflen - bin;
if (desired > data->inbuf_len) {
desired = data->inbuf_len;
@@ -89,7 +96,10 @@
data->strm.avail_in = desired;
status = inflate(&(data->strm), flags &
PSFS_FLAG_FLUSH_CLOSE ? Z_FINISH : Z_SYNC_FLUSH);
- if (status != Z_OK && status != Z_STREAM_END) {
+ if (status == Z_STREAM_END) {
+ inflateEnd(&(data->strm));
+ data->finished = '\1';
+ } else if (status != Z_OK) {
/* Something bad happened */
php_stream_bucket_delref(bucket TSRMLS_CC);
return PSFS_ERR_FATAL;
@@ -118,7 +128,7 @@
php_stream_bucket_delref(bucket TSRMLS_CC);
}
- if (flags & PSFS_FLAG_FLUSH_CLOSE) {
+ if (!data->finished && flags & PSFS_FLAG_FLUSH_CLOSE) {
/* Spit it out! */
status = Z_OK;
while (status == Z_OK) {
@@ -146,7 +156,9 @@
{
if (thisfilter && thisfilter->abstract) {
php_zlib_filter_data *data = thisfilter->abstract;
- inflateEnd(&(data->strm));
+ if (!data->finished) {
+ inflateEnd(&(data->strm));
+ }
pefree(data->inbuf, data->persistent);
pefree(data->outbuf, data->persistent);
pefree(data, data->persistent);
@@ -330,6 +342,7 @@
}
/* RFC 1951 Inflate */
+ data->finished = '\0';
status = inflateInit2(&(data->strm), windowBits);
fops = &php_zlib_inflate_ops;
} else if (strcasecmp(filtername, "zlib.deflate") == 0) {
http://cvs.php.net/viewvc.cgi/php-src/ext/bz2/bz2_filter.c?r1=1.3.2.2.2.9&r2=1.3.2.2.2.10&diff_format=u
Index: php-src/ext/bz2/bz2_filter.c
diff -u php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.9
php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.10
--- php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.9 Sat Jan 12 22:04:03 2008
+++ php-src/ext/bz2/bz2_filter.c Sat Oct 11 19:12:11 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: bz2_filter.c,v 1.3.2.2.2.9 2008/01/12 22:04:03 cellog Exp $ */
+/* $Id: bz2_filter.c,v 1.3.2.2.2.10 2008/10/11 19:12:11 cellog Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -34,6 +34,7 @@
size_t inbuf_len;
char *outbuf;
size_t outbuf_len;
+ zend_bool finished;
} php_bz2_filter_data;
/* }}} */
@@ -82,6 +83,11 @@
bucket = php_stream_bucket_make_writeable(buckets_in->head
TSRMLS_CC);
while (bin < bucket->buflen) {
+ if (data->finished) {
+ consumed += bucket->buflen;
+ break;
+ }
+
desired = bucket->buflen - bin;
if (desired > data->inbuf_len) {
desired = data->inbuf_len;
@@ -90,7 +96,11 @@
data->strm.avail_in = desired;
status = BZ2_bzDecompress(&(data->strm));
- if (status != BZ_OK && status != BZ_STREAM_END) {
+
+ if (status == BZ_STREAM_END) {
+ BZ2_bzDecompressEnd(&(data->strm));
+ data->finished = '\1';
+ } else if (status != BZ_OK) {
/* Something bad happened */
php_stream_bucket_delref(bucket TSRMLS_CC);
return PSFS_ERR_FATAL;
@@ -115,10 +125,11 @@
return PSFS_PASS_ON;
}
}
+
php_stream_bucket_delref(bucket TSRMLS_CC);
}
- if (flags & PSFS_FLAG_FLUSH_CLOSE) {
+ if (!data->finished && (flags & PSFS_FLAG_FLUSH_CLOSE)) {
/* Spit it out! */
status = BZ_OK;
while (status == BZ_OK) {
@@ -148,7 +159,9 @@
{
if (thisfilter && thisfilter->abstract) {
php_bz2_filter_data *data = thisfilter->abstract;
- BZ2_bzDecompressEnd(&(data->strm));
+ if (!data->finished) {
+ BZ2_bzDecompressEnd(&(data->strm));
+ }
pefree(data->inbuf, data->persistent);
pefree(data->outbuf, data->persistent);
pefree(data, data->persistent);
@@ -327,6 +340,7 @@
}
status = BZ2_bzDecompressInit(&(data->strm), 0, smallFootprint);
+ data->finished = '\0';
fops = &php_bz2_decompress_ops;
} else if (strcasecmp(filtername, "bzip2.compress") == 0) {
int blockSize100k = PHP_BZ2_FILTER_DEFAULT_BLOCKSIZE;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
