From: Stanislav Malyshev Date: Sun, 30 Jan 2011 22:28:57 +0000 (+0000) Subject: fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive) X-Git-Tag: php-5.3.6RC1~54 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4a2b458835beb22df12e4398e1b4aa06e4716a8a;p=php fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive) --- diff --git a/NEWS b/NEWS index 7a52ee4e75..032190a355 100644 --- a/NEWS +++ b/NEWS @@ -154,6 +154,8 @@ . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at gmail dot com, Gustavo) . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam) + . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). + (Stas, Maksymilian Arciemowicz). 06 Jan 2011, PHP 5.3.5 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, diff --git a/ext/zip/lib/zip_name_locate.c b/ext/zip/lib/zip_name_locate.c index e8b35ff936..96c4f937e0 100644 --- a/ext/zip/lib/zip_name_locate.c +++ b/ext/zip/lib/zip_name_locate.c @@ -60,6 +60,10 @@ _zip_name_locate(struct zip *za, const char *fname, int flags, return -1; } + if((flags & ZIP_FL_UNCHANGED) && !za->cdir) { + return -1; + } + cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp; n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry; diff --git a/ext/zip/tests/bug53885.phpt b/ext/zip/tests/bug53885.phpt new file mode 100644 index 0000000000..d59bf8f034 --- /dev/null +++ b/ext/zip/tests/bug53885.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive) +--SKIPIF-- + +--FILE-- +open($fname); +$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED); +$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED); +?> +==DONE== +--EXPECTF-- +==DONE==
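Review bot: In the NEWS hunk, the new credit line ends with a period after the closing parenthesis, "(Stas, Maksymilian Arciemowicz).", while the neighbouring entries for #53603 and #53854 end at the parenthesis. Drop the trailing period to match the surrounding entries.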
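Review bot: In the ext/zip/lib/zip_name_locate.c hunk, the new early return for (flags & ZIP_FL_UNCHANGED) && !za->cdir returns -1 without recording an error, so a caller cannot tell "archive has no central directory" apart from any other failure. Set an error before returning (ZIP_ER_NOENT would fit, since no original entry can match), and add a short comment explaining that za->cdir is NULL for a newly created or empty archive, because that is the condition the later za->cdir->nentry dereference depends on. Style nit: "if((flags" is missing the space after "if" that the rest of the expression style suggests.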
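Review bot: In the ext/zip/tests/bug53885.phpt hunk, the test only expects "==DONE==", so it passes for any non-crashing outcome of locateName("a", ZIPARCHIVE::FL_UNCHANGED) and statName("a", ZIPARCHIVE::FL_UNCHANGED). Dump or compare both return values and put the expected failure result in --EXPECTF--, so a regression that returns a bogus index or stat array is caught as well as a segfault. Nothing after the two calls removes the file named by $fname; if the test creates it, add an unlink or a --CLEAN-- section.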