jani                                     Wed, 09 Dec 2009 17:47:38 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=291925

Log:
- Fixed BC problem in new zlib implementation: truncated (invalid) short data 
was not caught

Changed paths:
    U   php/php-src/trunk/ext/zlib/tests/006.phpt
    U   php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt
    U   php/php-src/trunk/ext/zlib/zlib.c

Modified: php/php-src/trunk/ext/zlib/tests/006.phpt
===================================================================
--- php/php-src/trunk/ext/zlib/tests/006.phpt   2009-12-09 17:40:19 UTC (rev 
291924)
+++ php/php-src/trunk/ext/zlib/tests/006.phpt   2009-12-09 17:47:38 UTC (rev 
291925)
@@ -31,7 +31,6 @@
 var_dump(gzinflate($data2));
 $data2[4] = 0;
 var_dump(gzinflate((binary)$data2));
-
 echo "Done\n";
 ?>
 --EXPECTF--
@@ -57,8 +56,12 @@

 Warning: gzinflate(): length (-1) must be greater or equal zero in %s on line 
%d
 bool(false)
-string(0) ""
-string(0) ""
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)
 string(94) "Answer me, it can't be so hard
 Cry to relieve what's in your heart
 Desolation, grief and agony"

Modified: php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt
===================================================================
--- php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt    2009-12-09 
17:40:19 UTC (rev 291924)
+++ php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt    2009-12-09 
17:47:38 UTC (rev 291925)
@@ -15,9 +15,12 @@
 $truncated = substr($deflated, 0, 65535);
 var_dump(strlen($truncated));
 // inflate $truncated string (check if it will not eat all memory)
-gzinflate($truncated);
+var_dump(gzinflate($truncated));
 ?>
---EXPECT--
+--EXPECTF--
 int(168890)
 int(66743)
 int(65535)
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)

Modified: php/php-src/trunk/ext/zlib/zlib.c
===================================================================
--- php/php-src/trunk/ext/zlib/zlib.c   2009-12-09 17:40:19 UTC (rev 291924)
+++ php/php-src/trunk/ext/zlib/zlib.c   2009-12-09 17:47:38 UTC (rev 291925)
@@ -344,15 +344,19 @@
                }
        } while ((Z_BUF_ERROR == status || (Z_OK == status && Z->avail_in)) && 
++round < 100);

-       if (status == Z_OK || status == Z_STREAM_END) {
+       if (status == Z_STREAM_END) {
                buffer.data = erealloc(buffer.data, buffer.used + 1);
                buffer.data[buffer.used] = '\0';
                *buf = buffer.data;
                *len = buffer.used;
-       } else if (buffer.data) {
-               efree(buffer.data);
+       } else {
+               if (buffer.data) {
+                       efree(buffer.data);
+               }
+               /* HACK: See zlib/examples/zpipe.c inf() function for 
explanation. */
+               /* This works as long as this function is not used for 
streaming. Required to catch very short invalid data. */
+               status = (status == Z_OK) ? Z_DATA_ERROR : status;
        }
-
        return status;
 }
 /* }}} */
@@ -375,7 +379,6 @@
                        Z.avail_in = in_len;

                        switch (status = php_zlib_inflate_rounds(&Z, max_len, 
out_buf, out_len)) {
-                               case Z_OK:
                                case Z_STREAM_END:
                                        inflateEnd(&Z);
                                        return SUCCESS;

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to