consumed += desired;
bin += desired;
- if (!desired) {
- flags |= PSFS_FLAG_FLUSH_CLOSE;
- break;
- }
-
- if (data->strm.avail_out < data->outbuf_len) {
+ if (status == BZ_STREAM_END || data->strm.avail_out < data->outbuf_len) {
php_stream_bucket *out_bucket;
size_t bucketlen = data->outbuf_len - data->strm.avail_out;
out_bucket = php_stream_bucket_new(stream, estrndup(data->outbuf, bucketlen), bucketlen, 1, 0 TSRMLS_CC);
data->strm.avail_out = data->outbuf_len;
data->strm.next_out = data->outbuf;
exit_status = PSFS_PASS_ON;
+ if (status == BZ_STREAM_END) {
+ /* no more data to decompress, and nothing was spat out */
+ if (data->strm.avail_out >= data->outbuf_len) {
+ php_stream_bucket_delref(bucket TSRMLS_CC);
+ }
+ return PSFS_PASS_ON;
+ }
}
}
php_stream_bucket_delref(bucket TSRMLS_CC);
--- /dev/null
+--TEST--
+Bug #40189 (endless loop in zlib.inflate stream filter)
+--SKIPIF--
+<?php if (!extension_loaded("zlib")) print "skip"; ?>
+--FILE--
+<?php
+// this string is an excerpt of a phar archive that caused an infinite loop
+$a = "\x3\x0\x85\x46\x2f\x7c\xc2\xaa\x69\x2b\x6d\xe5\xdb\xfe\xe4\x21\x8f\x0\x97\x21\x1d\x2\x0\x0\x0\x47\x42\x4d\x42";
+var_dump(base64_encode($a));
+$gp = fopen('test.other', 'wb');
+$fp = fopen('data://text/plain;base64,AwCFRi98wqppK23l2/7kIY8AlyEdAgAAAEdCTUI=', 'r');
+stream_filter_append($fp, 'zlib.inflate', STREAM_FILTER_READ);
+var_dump(stream_copy_to_stream($fp, $gp, 5));
+fclose($fp);
+fclose($gp);
+var_dump(file_get_contents('test.other'));
+?>
+--EXPECT--
+string(40) "AwCFRi98wqppK23l2/7kIY8AlyEdAgAAAEdCTUI="
+int(0)
+string(0) ""
--- /dev/null
+--TEST--
+Bug #40189 (test for truncated deflate, also part of erroneous fix for #40189)
+--SKIPIF--
+<?php if (!extension_loaded("zlib")) print "skip"; ?>
+--FILE--
+<?php
+$a = fopen('ext/zlib/tests/bug.tar', 'rb');
+stream_filter_append($a, 'zlib.deflate', STREAM_FILTER_READ, array('window' => 15+16));
+$b = fread($a, 4716032);
+var_dump(strlen($b));
+// when broken, this outputs "int(686904)"
+?>
+--EXPECT--
+int(1676116)
\ No newline at end of file
data->strm.avail_in = 0;
bin += desired;
- if (!desired) {
- flags |= PSFS_FLAG_FLUSH_CLOSE;
- break;
- }
-
- if (data->strm.avail_out < data->outbuf_len) {
+ if (status == Z_STREAM_END || data->strm.avail_out < data->outbuf_len) {
php_stream_bucket *out_bucket;
size_t bucketlen = data->outbuf_len - data->strm.avail_out;
out_bucket = php_stream_bucket_new(stream, estrndup(data->outbuf, bucketlen), bucketlen, 1, 0 TSRMLS_CC);
data->strm.avail_out = data->outbuf_len;
data->strm.next_out = data->outbuf;
exit_status = PSFS_PASS_ON;
+ if (status == Z_STREAM_END) {
+ /* no more data to decompress, and nothing was spat out */
+ if (data->strm.avail_out >= data->outbuf_len) {
+ php_stream_bucket_delref(bucket TSRMLS_CC);
+ }
+ return PSFS_PASS_ON;
+ }
}
}
consumed += bucket->buflen;
projects / php / commitdiff