- Fixed BC problem in new zlib implementation: truncated (invalid) short data was...

diff --git a/ext/zlib/tests/006.phpt b/ext/zlib/tests/006.phpt
index 95b989b307ec41d16e870d28e194586dc5dda4f0..3ac73b14197bb429bd836b397db8cc12f227a782 100644 (file)
--- a/ext/zlib/tests/006.phpt
+++ b/ext/zlib/tests/006.phpt
@@ -31,7 +31,6 @@ var_dump(gzinflate($data1));
 var_dump(gzinflate($data2));
 $data2[4] = 0;
 var_dump(gzinflate((binary)$data2));
-
 echo "Done\n";
 ?>
 --EXPECTF--    
@@ -57,8 +56,12 @@ bool(false)
 
 Warning: gzinflate(): length (-1) must be greater or equal zero in %s on line %d
 bool(false)
-string(0) ""
-string(0) ""
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)
 string(94) "Answer me, it can't be so hard
 Cry to relieve what's in your heart
 Desolation, grief and agony"

diff --git a/ext/zlib/tests/gzinflate-bug42663.phpt b/ext/zlib/tests/gzinflate-bug42663.phpt
index dd53c78f4e024c126938ea1e3db7cf8610db9915..2d1eba37258c68894b0941dc4c1d87ceb0c4176e 100644 (file)
--- a/ext/zlib/tests/gzinflate-bug42663.phpt
+++ b/ext/zlib/tests/gzinflate-bug42663.phpt
@@ -15,9 +15,12 @@ var_dump(strlen($deflated));
 $truncated = substr($deflated, 0, 65535);
 var_dump(strlen($truncated));
 // inflate $truncated string (check if it will not eat all memory)
-gzinflate($truncated);
+var_dump(gzinflate($truncated));
 ?>
---EXPECT--
+--EXPECTF--
 int(168890)
 int(66743)
 int(65535)
+
+Warning: gzinflate(): data error in %s on line %d
+bool(false)

diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
index 039577bac1f7e399021ca189fe108d983bf052e1..1a77f022cff1067f229fafb6729b69bf2cbb1a3a 100644 (file)
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@@ -344,15 +344,19 @@ static inline int php_zlib_inflate_rounds(z_stream *Z, size_t max, char **buf, s
                }
        } while ((Z_BUF_ERROR == status || (Z_OK == status && Z->avail_in)) && ++round < 100);
 
-       if (status == Z_OK || status == Z_STREAM_END) {
+       if (status == Z_STREAM_END) {
                buffer.data = erealloc(buffer.data, buffer.used + 1);
                buffer.data[buffer.used] = '\0';
                *buf = buffer.data;
                *len = buffer.used;
-       } else if (buffer.data) {
-               efree(buffer.data);
+       } else {
+               if (buffer.data) {
+                       efree(buffer.data);
+               }
+               /* HACK: See zlib/examples/zpipe.c inf() function for explanation. */
+               /* This works as long as this function is not used for streaming. Required to catch very short invalid data. */
+               status = (status == Z_OK) ? Z_DATA_ERROR : status;
        }
-
        return status;
 }
 /* }}} */
@@ -375,7 +379,6 @@ retry_raw_inflate:
                        Z.avail_in = in_len;
 
                        switch (status = php_zlib_inflate_rounds(&Z, max_len, out_buf, out_len)) {
-                               case Z_OK:
                                case Z_STREAM_END:
                                        inflateEnd(&Z);
                                        return SUCCESS;