cellog          Sat Oct 11 19:12:11 2008 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    NEWS 
    /php-src/ext/zlib   zlib_filter.c 
    /php-src/ext/bz2    bz2_filter.c 
  Log:
  fix Bug #46026: bz2.decompress/zlib.inflate filter tries to decompress after 
end of stream
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1251&r2=1.2027.2.547.2.1252&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1251 php-src/NEWS:1.2027.2.547.2.1252
--- php-src/NEWS:1.2027.2.547.2.1251    Fri Oct 10 16:49:26 2008
+++ php-src/NEWS        Sat Oct 11 19:12:11 2008
@@ -5,6 +5,8 @@
   and $this->$method()). (Dmitry)
 - Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE).
   (chsc at peytz dot dk, Felipe)
+- Fixed bug #46026 (bzip2.decompress/zlib.inflate filter tries to decompress
+  after end of stream). (Keisial at gmail dot com, Greg)
 - Fixed bug #44251, #41125 (PDO + quote() + prepare() can result in seg fault).
   (tsteiner at nerdclub dot net)
 
http://cvs.php.net/viewvc.cgi/php-src/ext/zlib/zlib_filter.c?r1=1.6.2.2.2.11&r2=1.6.2.2.2.12&diff_format=u
Index: php-src/ext/zlib/zlib_filter.c
diff -u php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.11 
php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.12
--- php-src/ext/zlib/zlib_filter.c:1.6.2.2.2.11 Tue Feb 12 23:29:18 2008
+++ php-src/ext/zlib/zlib_filter.c      Sat Oct 11 19:12:11 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: zlib_filter.c,v 1.6.2.2.2.11 2008/02/12 23:29:18 cellog Exp $ */
+/* $Id: zlib_filter.c,v 1.6.2.2.2.12 2008/10/11 19:12:11 cellog Exp $ */
 
 #include "php.h"
 #include "php_zlib.h"
@@ -31,6 +31,7 @@
        size_t inbuf_len;
        char *outbuf;
        size_t outbuf_len;
+       zend_bool finished;
 } php_zlib_filter_data;
 
 /* }}} */
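Review bot: The new `finished` member is added without a comment, and its name does not say what it covers: elsewhere in this commit it marks both that the decoder reported end of stream and that `strm` has already been released. I would document it in the struct, e.g. `zend_bool finished; /* end of stream seen; strm already released, later input is discarded */`. The same applies to `php_bz2_filter_data` in bz2_filter.c.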
@@ -81,6 +82,12 @@
 
                bucket = php_stream_bucket_make_writeable(buckets_in->head 
TSRMLS_CC);
                while (bin < bucket->buflen) {
+
+                       if (data->finished) {
+                               consumed += bucket->buflen;
+                               break;
+                       }
+
                        desired = bucket->buflen - bin;
                        if (desired > data->inbuf_len) {
                                desired = data->inbuf_len;
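Review bot: `consumed += bucket->buflen;` adds the whole bucket even when `bin` is already non-zero, so a stream that ends part-way through a bucket looks to be counted twice if the loop also advances `consumed` per iteration (that accounting is outside the hunk); `consumed += bucket->buflen - bin;` would count only the remainder. Separately, everything after the end-of-stream marker is now reported as consumed and dropped with no notice or error, so a caller cannot tell a clean stream from one with appended bytes, and concatenated streams yield only the first member; that deserves a comment here and a line in the filter documentation. The loop starts and ends outside the hunk. Both points also apply to the matching hunk in bz2_filter.c (`@@ -82,6 +83,11 @@`).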
@@ -89,7 +96,10 @@
                        data->strm.avail_in = desired;
 
                        status = inflate(&(data->strm), flags & 
PSFS_FLAG_FLUSH_CLOSE ? Z_FINISH : Z_SYNC_FLUSH);
-                       if (status != Z_OK && status != Z_STREAM_END) {
+                       if (status == Z_STREAM_END) {
+                               inflateEnd(&(data->strm));
+                               data->finished = '\1';
+                       } else if (status != Z_OK) {
                                /* Something bad happened */
                                php_stream_bucket_delref(bucket TSRMLS_CC);
                                return PSFS_ERR_FATAL;
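Review bot: Calling `inflateEnd()` at `Z_STREAM_END` leaves `data->strm` as a released handle for the rest of the filter's life, so safety now depends on every later user checking `data->finished`. This commit adds three such guards (the loop, the flush block, the dtor), and any future path that misses one would operate on a torn-down stream. Setting only the flag here, `if (status == Z_STREAM_END) { data->finished = 1; }`, and keeping the single unconditional `inflateEnd()` in the dtor would keep the release in one place. The code after this branch is outside the hunk, so whether it still reads `data->strm` after the release cannot be confirmed from here. The bz2 hunk `@@ -90,7 +96,11 @@` has the same shape with `BZ2_bzDecompressEnd()`.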
@@ -118,7 +128,7 @@
                php_stream_bucket_delref(bucket TSRMLS_CC);
        }
 
-       if (flags & PSFS_FLAG_FLUSH_CLOSE) {
+       if (!data->finished && flags & PSFS_FLAG_FLUSH_CLOSE) {
                /* Spit it out! */
                status = Z_OK;
                while (status == Z_OK) {
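Review bot: The new condition `!data->finished && flags & PSFS_FLAG_FLUSH_CLOSE` relies on `&` binding tighter than `&&`. It evaluates as intended, but the bz2 copy of this same change writes it with explicit parentheses, and the two files should agree. I would use `if (!data->finished && (flags & PSFS_FLAG_FLUSH_CLOSE)) {` here as well.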
@@ -146,7 +156,9 @@
 {
        if (thisfilter && thisfilter->abstract) {
                php_zlib_filter_data *data = thisfilter->abstract;
-               inflateEnd(&(data->strm));
+               if (!data->finished) {
+                       inflateEnd(&(data->strm));
+               }
                pefree(data->inbuf, data->persistent);
                pefree(data->outbuf, data->persistent);
                pefree(data, data->persistent);
@@ -330,6 +342,7 @@
                }
 
                /* RFC 1951 Inflate */
+               data->finished = '\0';
                status = inflateInit2(&(data->strm), windowBits);
                fops = &php_zlib_inflate_ops;
        } else if (strcasecmp(filtername, "zlib.deflate") == 0) {
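Review bot: `data->finished = '\0';` uses a character literal for a boolean flag; `data->finished = 0;` (and `1` where it is set at end of stream) states the intent directly. The flag is also initialised only on the inflate branch, and here before `inflateInit2()` while bz2_filter.c sets it after `BZ2_bzDecompressInit()`. If `data` is not zero-allocated (the allocation is outside the hunk), initialising the flag once, right after the allocation, would cover every branch and keep the two filters aligned.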
http://cvs.php.net/viewvc.cgi/php-src/ext/bz2/bz2_filter.c?r1=1.3.2.2.2.9&r2=1.3.2.2.2.10&diff_format=u
Index: php-src/ext/bz2/bz2_filter.c
diff -u php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.9 
php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.10
--- php-src/ext/bz2/bz2_filter.c:1.3.2.2.2.9    Sat Jan 12 22:04:03 2008
+++ php-src/ext/bz2/bz2_filter.c        Sat Oct 11 19:12:11 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: bz2_filter.c,v 1.3.2.2.2.9 2008/01/12 22:04:03 cellog Exp $ */
+/* $Id: bz2_filter.c,v 1.3.2.2.2.10 2008/10/11 19:12:11 cellog Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -34,6 +34,7 @@
        size_t inbuf_len;
        char *outbuf;
        size_t outbuf_len;
+       zend_bool finished;
 } php_bz2_filter_data;
 
 /* }}} */
@@ -82,6 +83,11 @@
 
                bucket = php_stream_bucket_make_writeable(buckets_in->head 
TSRMLS_CC);
                while (bin < bucket->buflen) {
+                       if (data->finished) {
+                               consumed += bucket->buflen;
+                               break;
+                       }
+
                        desired = bucket->buflen - bin;
                        if (desired > data->inbuf_len) {
                                desired = data->inbuf_len;
@@ -90,7 +96,11 @@
                        data->strm.avail_in = desired;
 
                        status = BZ2_bzDecompress(&(data->strm));
-                       if (status != BZ_OK && status != BZ_STREAM_END) {
+
+                       if (status == BZ_STREAM_END) {
+                               BZ2_bzDecompressEnd(&(data->strm));
+                               data->finished = '\1';
+                       } else if (status != BZ_OK) {
                                /* Something bad happened */
                                php_stream_bucket_delref(bucket TSRMLS_CC);
                                return PSFS_ERR_FATAL;
@@ -115,10 +125,11 @@
                                return PSFS_PASS_ON;
                        }
                }
+
                php_stream_bucket_delref(bucket TSRMLS_CC);
        }
 
-       if (flags & PSFS_FLAG_FLUSH_CLOSE) {
+       if (!data->finished && (flags & PSFS_FLAG_FLUSH_CLOSE)) {
                /* Spit it out! */
                status = BZ_OK;
                while (status == BZ_OK) {
@@ -148,7 +159,9 @@
 {
        if (thisfilter && thisfilter->abstract) {
                php_bz2_filter_data *data = thisfilter->abstract;
-               BZ2_bzDecompressEnd(&(data->strm));
+               if (!data->finished) {
+                       BZ2_bzDecompressEnd(&(data->strm));
+               }
                pefree(data->inbuf, data->persistent);
                pefree(data->outbuf, data->persistent);
                pefree(data, data->persistent);
@@ -327,6 +340,7 @@
                }
 
                status = BZ2_bzDecompressInit(&(data->strm), 0, smallFootprint);
+               data->finished = '\0';
                fops = &php_bz2_decompress_ops;
        } else if (strcasecmp(filtername, "bzip2.compress") == 0) {
                int blockSize100k = PHP_BZ2_FILTER_DEFAULT_BLOCKSIZE;


