Fix bug #76524 - ZipArchive memory leak
authortimurib <timok@ya.ru>
Mon, 25 Jun 2018 11:14:26 +0000 (14:14 +0300)
committerAnatol Belski <ab@php.net>
Tue, 10 Jul 2018 09:18:37 +0000 (11:18 +0200)
Bugfix #76524: Free up zip internal state and adjust the tests for Windows

Bugfix #76524: Fix possible use after free for libzip 1.3.1

Bugfix #76524: Make the test independent of platform

ext/zip/php_zip.c
ext/zip/tests/bug76524.phpt [new file with mode: 0644]

index ade0b9917374d4c7c46cdc168ae2756eb7eb7514..cdf77f20cd38facacd8d1c1c50f5936c9a822de4 100644 (file)
@@ -1003,10 +1003,13 @@ static void php_zip_object_free_storage(zend_object *object) /* {{{ */
        }
        if (intern->za) {
                if (zip_close(intern->za) != 0) {
+#if LIBZIP_VERSION_MAJOR == 1 && LIBZIP_VERSION_MINOR == 3 && LIBZIP_VERSION_MICRO == 1
+                       php_error_docref(NULL, E_WARNING, "Cannot destroy the zip context: %s", "zip_close have failed");
+#else
                        php_error_docref(NULL, E_WARNING, "Cannot destroy the zip context: %s", zip_strerror(intern->za));
-                       return;
+                       zip_discard(intern->za);
+#endif
                }
-               intern->za = NULL;
        }
 
        if (intern->buffers_cnt>0) {
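Review bot: The `#if LIBZIP_VERSION_MAJOR == 1 && LIBZIP_VERSION_MINOR == 3 && LIBZIP_VERSION_MICRO == 1` guard is decided from the libzip headers at build time, so an extension built against a different release and later loaded with a shared libzip 1.3.1 would still run `zip_strerror(intern->za)` and `zip_discard(intern->za)` after a failed `zip_close()`, which is the use after free the commit message describes. The guard also has no comment saying why exactly this release is special; something like `/* libzip 1.3.1: archive must not be touched after a failed zip_close() */` above the `#if` would help (exact wording to be confirmed against libzip). Separately, with `intern->za = NULL;` removed the member keeps a stale pointer after both `zip_close()` and `zip_discard()`; unless it is reset further down in php_zip_object_free_storage, whose body continues outside the hunk, I would keep `intern->za = NULL;` right after the outer `if (intern->za)` block.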
diff --git a/ext/zip/tests/bug76524.phpt b/ext/zip/tests/bug76524.phpt
new file mode 100644 (file)
index 0000000..f28bfc1
--- /dev/null
@@ -0,0 +1,21 @@
+--TEST--
+ZipArchive Bug #76524 (memory leak with ZipArchive::OVERWRITE flag and empty archive)
+--SKIPIF--
+<?php
+if(!extension_loaded('zip')) die('skip');
+?>
+--FILE--
+<?php
+
+$filename = __DIR__ . '/nonexistent.zip';
+
+$zip = new ZipArchive();
+$zip->open($filename, ZipArchive::CREATE | ZipArchive::OVERWRITE);
+echo 'ok';
+
+/* Zip-related error messages depend on platform and libzip version,
+   so the regex is used to check that Zend MM does NOT show warnings
+   about leaks: */
+?>
+--EXPECTREGEX--
+ok((?!memory leaks detected).)*
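Review bot: The test depends on `nonexistent.zip` not being present in `__DIR__`, but nothing removes it before or after the run, so a file left by an earlier or parallel run changes what `open()` with `ZipArchive::OVERWRITE` does. A bug-specific name and a `--CLEAN--` section containing `@unlink(__DIR__ . '/bug76524.zip');` would make the run repeatable. The return value of `$zip->open()` is also not checked, so `ok` is printed even when the archive could not be opened. Since the regex only rejects the Zend MM leak report, the test presumably passes vacuously on builds where that report is not emitted; a comment in the file saying so would be enough.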