fix Bug #46032: PharData::__construct wrong memory read

author: Greg Beaver <cellog@php.net> 2008-09-11 03:29:15 +0000
committer: Greg Beaver <cellog@php.net> 2008-09-11 03:29:15 +0000
commit: e7b6fe1b4549a2625f471f71874a56f46c99106b (patch)
tree: c17532f604fd1d494ce48e781664ac30bb42c4ed
parent: 92a547c7e4e82964f7d22b4fee033486ecea8a37 (diff)
download: php-git-e7b6fe1b4549a2625f471f71874a56f46c99106b.tar.gz
2 files changed, 36 insertions, 3 deletions
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index db82767e4f..a2d00cec94 100755
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1165,10 +1165,10 @@ PHP_METHOD(Phar, __construct)
 		return;
 	}
 
+	save_fname = fname;
 	if (SUCCESS == phar_split_fname(fname, fname_len, &arch, &arch_len, &entry, &entry_len, !is_data, 2 TSRMLS_CC)) {
 		/* use arch (the basename for the archive) for fname instead of fname */
 		/* this allows support for RecursiveDirectoryIterator of subdirectories */
-		save_fname = fname;
 #ifdef PHP_WIN32
 		phar_unixify_path_separators(arch, arch_len);
 #endif
@@ -1178,7 +1178,6 @@ PHP_METHOD(Phar, __construct)
 	} else {
 		arch = estrndup(fname, fname_len);
 		arch_len = fname_len;
-		save_fname = fname;
 		fname = arch;
 		phar_unixify_path_separators(arch, arch_len);
 #endif
@@ -1186,7 +1185,7 @@ PHP_METHOD(Phar, __construct)
 
 	if (phar_open_or_create_filename(fname, fname_len, alias, alias_len, is_data, REPORT_ERRORS, &phar_data, &error TSRMLS_CC) == FAILURE) {
 
-		if (fname == arch) {
+		if (fname == arch && fname != save_fname) {
 			efree(arch);
 			fname = save_fname;
 		}
diff --git a/ext/phar/tests/bug46032.phpt b/ext/phar/tests/bug46032.phpt
new file mode 100644
index 0000000000..be42b04b5c
--- /dev/null
+++ b/ext/phar/tests/bug46032.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Phar: bug #46032: PharData::__construct wrong memory read
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+<?php if (getenv('SKIP_SLOW_TESTS')) die('skip'); ?>
+--FILE--
+<?php
+
+$a = __DIR__ .'/mytest';
+
+try {
+	new phar($a);
+} catch (exception $e) { }
+
+var_dump($a);
+
+try {
+	new phar($a);
+} catch (exception $e) { }
+
+var_dump($a);
+
+new phardata('0000000000000000000');
+?>
+===DONE===
+--EXPECTF--
+string(%d) "%smytest"
+string(%d) "%smytest"
+
+Fatal error: Uncaught exception 'UnexpectedValueException' with message 'Cannot create phar '0000000000000000000', file extension (or combination) not recognised' in %sbug46032.php:%d
+Stack trace:
+#0 /home/cellog/workspace/php5/ext/phar/tests/bug46032.php(%d): PharData->__construct('000000000000000...')
+#1 {main}
+  thrown in %sbug46032.php on line %d
author	Greg Beaver <cellog@php.net>	2008-09-11 03:29:15 +0000
committer	Greg Beaver <cellog@php.net>	2008-09-11 03:29:15 +0000
commit	e7b6fe1b4549a2625f471f71874a56f46c99106b (patch)
tree	c17532f604fd1d494ce48e781664ac30bb42c4ed
parent	92a547c7e4e82964f7d22b4fee033486ecea8a37 (diff)
download	php-git-e7b6fe1b4549a2625f471f71874a56f46c99106b.tar.gz