diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-22 15:09:14 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-22 15:09:14 +0200 |
commit | c33e5043a855db87699529348e465c1f5c6e65b8 (patch) | |
tree | 4b4188d7446ffbc7e42711cc82c285abaa87ea62 /ext/phar | |
parent | 6b2c002c41f374e4aefe46310b0bc72ac3378888 (diff) | |
parent | c705079b12984dab1901a32b4a0609f2ab8f449a (diff) | |
download | php-git-c33e5043a855db87699529348e465c1f5c6e65b8.tar.gz |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix #79503: Memory leak on duplicate metadata
Diffstat (limited to 'ext/phar')
-rw-r--r-- | ext/phar/tar.c | 8 | ||||
-rw-r--r-- | ext/phar/tests/bug79503.phar | bin | 0 -> 4001 bytes | |||
-rw-r--r-- | ext/phar/tests/bug79503.phpt | 16 |
3 files changed, 24 insertions, 0 deletions
diff --git a/ext/phar/tar.c b/ext/phar/tar.c index d1b19ee586..773bdbca70 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -181,9 +181,17 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp) /* } if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) { + if (Z_TYPE(entry->phar->metadata) != IS_UNDEF) { + efree(metadata); + return FAILURE; + } entry->phar->metadata = entry->metadata; ZVAL_UNDEF(&entry->metadata); } else if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && NULL != (mentry = zend_hash_str_find_ptr(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1)))) { + if (Z_TYPE(mentry->metadata) != IS_UNDEF) { + efree(metadata); + return FAILURE; + } /* transfer this metadata to the entry it refers */ mentry->metadata = entry->metadata; ZVAL_UNDEF(&entry->metadata); diff --git a/ext/phar/tests/bug79503.phar b/ext/phar/tests/bug79503.phar Binary files differnew file mode 100644 index 0000000000..d378c6f3df --- /dev/null +++ b/ext/phar/tests/bug79503.phar diff --git a/ext/phar/tests/bug79503.phpt b/ext/phar/tests/bug79503.phpt new file mode 100644 index 0000000000..874330fac7 --- /dev/null +++ b/ext/phar/tests/bug79503.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #79503 (Memory leak on duplicate metadata) +--SKIPIF-- +<?php +if (!extension_loaded('phar')) die('skip phar extension not available'); +?> +--FILE-- +<?php +try { + new Phar(__DIR__ . '/bug79503.phar'); +} catch (UnexpectedValueException $ex) { + echo $ex->getMessage(); +} +?> +--EXPECTF-- +phar error: tar-based phar "%s%ebug79503.phar" has invalid metadata in magic file ".phar/.metadata.bin" |