fix bug #60164 (Stubs of a specific length break phar_open_from_fp scanning for __HAL...

diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 05d24d4384b39132400d61211eec69b51f084dbc..81f9d4fad2482f266e05558774051bd04f6c274f 100644 (file)
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1569,7 +1569,9 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a
        const char zip_magic[] = "PK\x03\x04";
        const char gz_magic[] = "\x1f\x8b\x08";
        const char bz_magic[] = "BZh";
-       char *pos, buffer[1024 + sizeof(token)], test = '\0';
+       char *pos, test = '\0';
+       const int window_size = 1024;
+       char buffer[window_size + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
        const long readsize = sizeof(buffer) - sizeof(token);
        const long tokenlen = sizeof(token) - 1;
        long halt_offset;
@@ -1717,7 +1719,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a
                }
 
                halt_offset += got;
-               memmove(buffer, buffer + tokenlen, got + 1);
+               memmove(buffer, buffer + window_size, tokenlen); /* move the memory buffer by the size of the window */
        }
 
        MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (__HALT_COMPILER(); not found)")

diff --git a/ext/phar/tests/bug60164.phpt b/ext/phar/tests/bug60164.phpt
new file mode 100644 (file)
index 0000000..8fd5de5
--- /dev/null
+++ b/ext/phar/tests/bug60164.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Phar: verify stub of specific length does not break __HALT_COMPILER(); scanning in php
+--SKIPIF--
+<?php
+if (!extension_loaded("phar")) die("skip");
+?>
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$phar = __DIR__ . '/files/stuboflength1041.phar';
+foreach (new RecursiveIteratorIterator(new Phar($phar, null, 'stuboflength1041.phar')) as $item) {
+    var_dump($item->getFileName());
+}
+?>
+===DONE===
+--EXPECT--
+string(5) "a.php"
+string(5) "b.php"
+===DONE===
\ No newline at end of file

diff --git a/ext/phar/tests/files/stuboflength1041.phar b/ext/phar/tests/files/stuboflength1041.phar
new file mode 100644 (file)
index 0000000..d90fb8f
Binary files /dev/null and b/ext/phar/tests/files/stuboflength1041.phar differ

diff --git a/ext/phar/tests/files/stuboflength1041.phar.inc b/ext/phar/tests/files/stuboflength1041.phar.inc
new file mode 100644 (file)
index 0000000..28ce842
--- /dev/null
+++ b/ext/phar/tests/files/stuboflength1041.phar.inc
@@ -0,0 +1,21 @@
+<?php
+
+@unlink(__DIR__ . '/stuboflength1041.phar');
+
+$phar = new Phar('./stuboflength1041.phar');
+$phar['a.php'] = 'hi1';
+$phar['b.php'] = 'hi2';
+
+$phar->setStub('<?php
+/***stub of length 1041 including the halt compiler*********************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+************************************************************************************************
+*********************************************/
+__HALT_COMPILER();');
\ No newline at end of file