stas                                     Sun, 30 Jan 2011 22:28:57 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=307867

Log:
fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)

Bug: http://bugs.php.net/53885 (Open) ZipArchive segfault with FL_UNCHANGED on 
empty archive
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c
    A   php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt
    U   php/php-src/trunk/ext/zip/lib/zip_name_locate.c
    A   php/php-src/trunk/ext/zip/tests/bug53885.phpt

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-01-30 22:16:39 UTC (rev 307866)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-01-30 22:28:57 UTC (rev 307867)
@@ -154,6 +154,8 @@
   . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle 
at
     gmail dot com, Gustavo)
   . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
+  . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
+    (Stas, Maksymilian Arciemowicz).

 06 Jan 2011, PHP 5.3.5
 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott,

Modified: php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c  2011-01-30 
22:16:39 UTC (rev 307866)
+++ php/php-src/branches/PHP_5_3/ext/zip/lib/zip_name_locate.c  2011-01-30 
22:28:57 UTC (rev 307867)
@@ -60,6 +60,10 @@
        return -1;
     }

+    if((flags & ZIP_FL_UNCHANGED)  && !za->cdir) {
+       return -1;
+    }
+
     cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;

     n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;

Added: php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt                    
        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/zip/tests/bug53885.phpt    2011-01-30 
22:28:57 UTC (rev 307867)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
+--SKIPIF--
+<?php
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+$fname = dirname(__FILE__)."/test53885.zip";
+if(file_exists($fname)) unlink($fname);
+touch($fname);
+$nx=new ZipArchive();
+$nx->open($fname);
+$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED);
+$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);
+?>
+==DONE==
+--EXPECTF--
+==DONE==

Modified: php/php-src/trunk/ext/zip/lib/zip_name_locate.c
===================================================================
--- php/php-src/trunk/ext/zip/lib/zip_name_locate.c     2011-01-30 22:16:39 UTC 
(rev 307866)
+++ php/php-src/trunk/ext/zip/lib/zip_name_locate.c     2011-01-30 22:28:57 UTC 
(rev 307867)
@@ -60,6 +60,10 @@
        return -1;
     }

+    if((flags & ZIP_FL_UNCHANGED)  && !za->cdir) {
+       return -1;
+    }
+
     cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;

     n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;

Added: php/php-src/trunk/ext/zip/tests/bug53885.phpt
===================================================================
--- php/php-src/trunk/ext/zip/tests/bug53885.phpt                               
(rev 0)
+++ php/php-src/trunk/ext/zip/tests/bug53885.phpt       2011-01-30 22:28:57 UTC 
(rev 307867)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
+--SKIPIF--
+<?php
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+$fname = dirname(__FILE__)."/test53885.zip";
+if(file_exists($fname)) unlink($fname);
+touch($fname);
+$nx=new ZipArchive();
+$nx->open($fname);
+$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED);
+$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);
+?>
+==DONE==
+--EXPECTF--
+==DONE==

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to