From: Greg Beaver <cellog@php.net>
Date: Sun, 26 Oct 2008 05:49:24 +0000 (+0000)
Subject: MFB: fix several errors found by valgrind
X-Git-Tag: BEFORE_HEAD_NS_CHANGE~162
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=329229071f8007f920cdd77029de0ae9f0b96c32;p=php

MFB: fix several errors found by valgrind
1 - entry metadata not properly processed or retrieved from cached phars
2 - copy on write was using a void return value instead of int, a dangerous oversight in phar_update_cached_entry
3 - metadata creation in entries for cached phars was causing an invalid read
---

diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 31efbcab33..0db27db34e 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1035,6 +1035,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
 	/* check whether we have meta data, zero check works regardless of byte order */
 	if (mydata->is_persistent) {
 		PHAR_GET_32(buffer, mydata->metadata_len);
+		if (!mydata->metadata_len) buffer -= 4;
 		if (phar_parse_metadata(&buffer, &mydata->metadata, mydata->metadata_len TSRMLS_CC) == FAILURE) {
 			MAPPHAR_FAIL("unable to read phar metadata in .phar file \"%s\"");
 		}
@@ -1114,7 +1115,9 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
 		}
 
 		if (entry.is_persistent) {
-			if (phar_parse_metadata(&buffer, &entry.metadata, 0 TSRMLS_CC) == FAILURE) {
+			PHAR_GET_32(buffer, entry.metadata_len);
+			if (!entry.metadata_len) buffer -= 4;
+			if (phar_parse_metadata(&buffer, &entry.metadata, entry.metadata_len TSRMLS_CC) == FAILURE) {
 				pefree(entry.filename, entry.is_persistent);
 				MAPPHAR_FAIL("unable to read file metadata in .phar file \"%s\"");
 			}
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index e2261b9535..d3bc4de872 100755
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -4583,6 +4583,15 @@ PHP_METHOD(PharFileInfo, getMetadata)
 	PHAR_ENTRY_OBJECT();
 
 	if (entry_obj->ent.entry->metadata) {
+		if (entry_obj->ent.entry->is_persistent) {
+			zval *ret;
+			char *buf = estrndup((char *) entry_obj->ent.entry->metadata, entry_obj->ent.entry->metadata_len);
+			/* assume success, we would have failed before */
+			phar_parse_metadata(&buf, &ret, entry_obj->ent.entry->metadata_len TSRMLS_CC);
+			efree(buf);
+			RETURN_ZVAL(ret, 0, 1);
+			return;
+		}
 		RETURN_ZVAL(entry_obj->ent.entry->metadata, 1, 0);
 	}
 }
diff --git a/ext/phar/util.c b/ext/phar/util.c
index c6d734981c..5c57e72e41 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -2198,7 +2198,7 @@ void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename
 }
 /* }}} */
 
-static void phar_update_cached_entry(void *data, void *argument) /* {{{ */
+static int phar_update_cached_entry(void *data, void *argument) /* {{{ */
 {
 	phar_entry_info *entry = (phar_entry_info *)data;
 	TSRMLS_FETCH();
@@ -2221,7 +2221,7 @@ static void phar_update_cached_entry(void *data, void *argument) /* {{{ */
 		if (entry->metadata_len) {
 			char *buf = estrndup((char *) entry->metadata, entry->metadata_len);
 			/* assume success, we would have failed before */
-			phar_parse_metadata((char **) &entry->metadata, &entry->metadata, entry->metadata_len TSRMLS_CC);
+			phar_parse_metadata((char **) &buf, &entry->metadata, entry->metadata_len TSRMLS_CC);
 			efree(buf);
 		} else {
 			zval *t;
@@ -2239,6 +2239,7 @@ static void phar_update_cached_entry(void *data, void *argument) /* {{{ */
 			entry->metadata_str.len = 0;
 		}
 	}
+	return ZEND_HASH_APPLY_KEEP;
 }
 /* }}} */