jani Wed, 09 Dec 2009 17:47:38 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=291925
Log:
- Fixed BC problem in new zlib implementation: truncated (invalid) short data
was not caught
Changed paths:
U php/php-src/trunk/ext/zlib/tests/006.phpt
U php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt
U php/php-src/trunk/ext/zlib/zlib.c
Modified: php/php-src/trunk/ext/zlib/tests/006.phpt
===================================================================
--- php/php-src/trunk/ext/zlib/tests/006.phpt 2009-12-09 17:40:19 UTC (rev
291924)
+++ php/php-src/trunk/ext/zlib/tests/006.phpt 2009-12-09 17:47:38 UTC (rev
291925)
@@ -31,7 +31,6 @@
var_dump(gzinflate($data2));
$data2[4] = 0;
var_dump(gzinflate((binary)$data2));
-
echo "Done\n";
?>
--EXPECTF--
@@ -57,8 +56,12 @@
Warning: gzinflate(): length (-1) must be greater or equal zero in %s on line
%d
bool(false)
-string(0) ""
-string(0) ""
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)
string(94) "Answer me, it can't be so hard
Cry to relieve what's in your heart
Desolation, grief and agony"
Modified: php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt
===================================================================
--- php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt 2009-12-09
17:40:19 UTC (rev 291924)
+++ php/php-src/trunk/ext/zlib/tests/gzinflate-bug42663.phpt 2009-12-09
17:47:38 UTC (rev 291925)
@@ -15,9 +15,12 @@
$truncated = substr($deflated, 0, 65535);
var_dump(strlen($truncated));
// inflate $truncated string (check if it will not eat all memory)
-gzinflate($truncated);
+var_dump(gzinflate($truncated));
?>
---EXPECT--
+--EXPECTF--
int(168890)
int(66743)
int(65535)
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)
Modified: php/php-src/trunk/ext/zlib/zlib.c
===================================================================
--- php/php-src/trunk/ext/zlib/zlib.c 2009-12-09 17:40:19 UTC (rev 291924)
+++ php/php-src/trunk/ext/zlib/zlib.c 2009-12-09 17:47:38 UTC (rev 291925)
@@ -344,15 +344,19 @@
}
} while ((Z_BUF_ERROR == status || (Z_OK == status && Z->avail_in)) &&
++round < 100);
- if (status == Z_OK || status == Z_STREAM_END) {
+ if (status == Z_STREAM_END) {
buffer.data = erealloc(buffer.data, buffer.used + 1);
buffer.data[buffer.used] = '\0';
*buf = buffer.data;
*len = buffer.used;
- } else if (buffer.data) {
- efree(buffer.data);
+ } else {
+ if (buffer.data) {
+ efree(buffer.data);
+ }
+ /* HACK: See zlib/examples/zpipe.c inf() function for
explanation. */
+ /* This works as long as this function is not used for
streaming. Required to catch very short invalid data. */
+ status = (status == Z_OK) ? Z_DATA_ERROR : status;
}
-
return status;
}
/* }}} */
@@ -375,7 +379,6 @@
Z.avail_in = in_len;
switch (status = php_zlib_inflate_rounds(&Z, max_len,
out_buf, out_len)) {
- case Z_OK:
case Z_STREAM_END:
inflateEnd(&Z);
return SUCCESS;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
