improve error messages to state overrun when it exists. Also, catch overrun before...

author Greg Beaver <cellog@php.net>

Thu, 8 Dec 2005 07:59:18 +0000 (07:59 +0000)

committer Greg Beaver <cellog@php.net>

Thu, 8 Dec 2005 07:59:18 +0000 (07:59 +0000)
author Greg Beaver <cellog@php.net>
Thu, 8 Dec 2005 07:59:18 +0000 (07:59 +0000)
committer Greg Beaver <cellog@php.net>
Thu, 8 Dec 2005 07:59:18 +0000 (07:59 +0000)
diff --git a/ext/phar/phar.c b/ext/phar/phar.c

index 9434111debab6bd2669f9c19669ce43c3dbfec4a..a414742c8e2f96f99019360b81791cbed86839fd 100644 (file)
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -204,18 +204,21 @@ PHP_METHOD(PHP_Archive, mapPhar)
         i = 0;
  #define PHAR_GET_VAL(var)                      \
         if (buffer > endbuffer) {               \
-               MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest)")\
+               MAPPHAR_FAIL("internal corruption of phar \"%s\" (buffer overrun)")\
         }                                       \
         unpack_var = (char *) &var;             \
         var = 0;                                \
         for (i = 0; i < 4; i++) {               \
                 unpack_var[little_endian_long_map[i]] = *buffer++;\
+               if (buffer > endbuffer) {       \
+                       MAPPHAR_FAIL("internal corruption of phar \"%s\" (buffer overrun)")\
+               }                               \
         }
  
         if (4 != php_stream_read(fp, buffer, 4)) {
                 MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest)")
         }
-       endbuffer = buffer;
+       endbuffer = buffer + 5;
         PHAR_GET_VAL(manifest_len)
         buffer -= 4;
         if (manifest_len > 1048576) {
author	Greg Beaver <cellog@php.net>
	Thu, 8 Dec 2005 07:59:18 +0000 (07:59 +0000)
committer	Greg Beaver <cellog@php.net>
	Thu, 8 Dec 2005 07:59:18 +0000 (07:59 +0000)