(PHP gzinflate) Workaround for bug #14939 (buffer error in gzinflate()).

                Fixed prototype and added test for #14939.

# We have extra \0 if the input comes directly from gzdeflate()
# so give one extra byte as length to workaround behaviour of zlib.
# I want to avoid copying the input, but if there are problems,
# please tell (see my message <20020310175611.GA4472@stefan.roehri.ch> to
# php-dev).

diff --git a/ext/zlib/tests/001.phpt b/ext/zlib/tests/001.phpt
index fab6d5dfa34cca7ad618b8c0020407af50b64bb9..40b84c6f07705d5ea00eec871ca2a386924cac1d 100644 (file)
--- a/ext/zlib/tests/001.phpt
+++ b/ext/zlib/tests/001.phpt
@@ -11,7 +11,16 @@ $packed=gzdeflate($original);
 echo strlen($packed)." ".strlen($original)."\n";
 $unpacked=gzinflate($packed);
 if (strcmp($original,$unpacked)==0) echo "Strings are equal";
+
+echo "\n";
+$original = 'aaaaaaaaaaaaaaa';
+$packed=gzdeflate($original);
+echo strlen($packed)." ".strlen($original)."\n";
+$unpacked=gzinflate($packed);
+if (strcmp($original,$unpacked)==0) echo "Strings are equal";
 ?>
 --EXPECT--
 100 36864
 Strings are equal
+5 15
+Strings are equal
\ No newline at end of file

diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
index 6f0f08d298e71e030cc891b40c3a0a2b0f6056a1..02889609c74e8ef5272ce5c5df4eeec9c24b96c7 100644 (file)
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@@ -919,7 +919,7 @@ PHP_FUNCTION(gzdeflate)
 }
 /* }}} */
 
-/* {{{ proto string gzinflate(string data, int length) 
+/* {{{ proto string gzinflate(string data [, int length]) 
    Unzip a gzip-compressed string */
 PHP_FUNCTION(gzinflate)
 {
@@ -967,7 +967,7 @@ PHP_FUNCTION(gzinflate)
                if(! s2) { if(s1) efree(s1); RETURN_FALSE; }
 
                stream.next_in = (Bytef*) Z_STRVAL_PP(data);
-               stream.avail_in = (uInt) Z_STRLEN_PP(data);
+               stream.avail_in = (uInt) Z_STRLEN_PP(data) + 1; /* there is room for \0 */
 
                stream.next_out = s2;
                stream.avail_out = (uInt) length;