stas Sun, 30 Jan 2011 22:28:57 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=307867
Log: fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive) Bug: http://bugs.php.net/53885 (Open) ZipArchive segfault with FL_UNCHANGED on empty archive Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c A php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt U php/php-src/trunk/ext/zip/lib/zip_name_locate.c A php/php-src/trunk/ext/zip/tests/bug53885.phpt
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2011-01-30 22:16:39 UTC (rev 307866)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-01-30 22:28:57 UTC (rev 307867)
@@ -154,6 +154,8 @@ . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at gmail dot com, Gustavo) . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam) + . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). + (Stas, Maksymilian Arciemowicz). 06 Jan 2011, PHP 5.3.5 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott,
Modified: php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c 2011-01-30 22:16:39 UTC (rev 307866)
+++ php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c 2011-01-30 22:28:57 UTC (rev 307867)
@@ -60,6 +60,10 @@ return -1; } + if((flags & ZIP_FL_UNCHANGED) && !za->cdir) { + return -1; + } + cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp; n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
Added: php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt 2011-01-30 22:28:57 UTC (rev 307867)
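Review bot: The guard added ahead of the `cmp = ...` assignment returns -1 without recording a reason, so a caller sees the same -1 as the other failure paths and may read stale or unset error state; the identical hunk for trunk/ext/zip/lib/zip_name_locate.c has the same gap. If this function takes an error out-parameter as libzip's internal lookups usually do (the signature is outside the hunk), set it before returning, e.g. `_zip_error_set(error, ZIP_ER_NOENT, 0);`. The check closes only this one NULL dereference of `za->cdir`; any other path that honours ZIP_FL_UNCHANGED and reads `za->cdir` deserves the same review, because an empty archive is ordinary untrusted input wherever user-supplied files are opened. The function body starts and ends outside the hunk.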
@@ -0,0 +1,19 @@
+--TEST--
+Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
+--SKIPIF--
+<?php
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+$fname = dirname(__FILE__)."/test53885.zip";
+if(file_exists($fname)) unlink($fname);
+touch($fname);
+$nx=new ZipArchive();
+$nx->open($fname);
+$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED);
+$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);
+?>
+==DONE==
+--EXPECTF--
+==DONE==
Modified: php/php-src/trunk/ext/zip/lib/zip_name_locate.c
===================================================================
--- php/php-src/trunk/ext/zip/lib/zip_name_locate.c 2011-01-30 22:16:39 UTC (rev 307866)
+++ php/php-src/trunk/ext/zip/lib/zip_name_locate.c 2011-01-30 22:28:57 UTC (rev 307867)
@@ -60,6 +60,10 @@ return -1; } + if((flags & ZIP_FL_UNCHANGED) && !za->cdir) { + return -1; + } + cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp; n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
Added: php/php-src/trunk/ext/zip/tests/bug53885.phpt
===================================================================
--- php/php-src/trunk/ext/zip/tests/bug53885.phpt (rev 0)
+++ php/php-src/trunk/ext/zip/tests/bug53885.phpt 2011-01-30 22:28:57 UTC (rev 307867)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
+--SKIPIF--
+<?php
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+$fname = dirname(__FILE__)."/test53885.zip";
+if(file_exists($fname)) unlink($fname);
+touch($fname);
+$nx=new ZipArchive();
+$nx->open($fname);
+$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED);
+$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);
+?>
+==DONE==
+--EXPECTF--
+==DONE==
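Review bot: The --FILE-- section discards the results of `locateName()` and `statName()`, so the test only proves the process survived; it would still pass if the guarded path returned a bogus index instead of a failure. Print the results, e.g. `var_dump($nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED));`, and put the expected output (presumably `bool(false)`) ahead of `==DONE==` in --EXPECTF--. The test also leaves test53885.zip behind in the tests directory; a `--CLEAN--` section that unlinks the file would fix that. Both points apply equally to the trunk copy of bug53885.phpt.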