From: Stanislav Malyshev <stas@php.net>
Date: Tue, 19 Jul 2016 06:01:10 +0000 (-0700)
Subject: Partial fix for bug #72613 - do not allow reading past error read
X-Git-Tag: php-7.1.0beta1~28^2~1^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5faa15c4ce9d68a286a9ffe10ecbb897ebe95601;p=php

Partial fix for bug #72613 - do not allow reading past error read
---

diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c
index 359425437d..bc6379aeea 100644
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@ -148,7 +148,11 @@ static size_t php_bz2iop_read(php_stream *stream, char *buf, size_t count)
 		just_read = BZ2_bzread(self->bz_file, buf, to_read);
 
 		if (just_read < 1) {
-			stream->eof = 0 == just_read;
+			/* it is not safe to keep reading after an error, see #72613 */
+			stream->eof = 1;
+			if (just_read < 0) {
+				return -1;
+			}
 			break;
 		}
 
diff --git a/ext/bz2/tests/72613.bz2 b/ext/bz2/tests/72613.bz2
new file mode 100644
index 0000000000..0b932f8d91
Binary files /dev/null and b/ext/bz2/tests/72613.bz2 differ
diff --git a/ext/bz2/tests/bug72613.phpt b/ext/bz2/tests/bug72613.phpt
new file mode 100644
index 0000000000..82547e6ae0
--- /dev/null
+++ b/ext/bz2/tests/bug72613.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #72613 (Inadequate error handling in bzread())
+--SKIPIF--
+<?php if (!extension_loaded("bz2")) print "skip"; ?>
+--FILE--
+<?php
+$fp = bzopen(__DIR__.'/72613.bz2', 'r');
+if ($fp === FALSE) {
+    exit("ERROR: bzopen()");
+}
+$data = "";
+while (!feof($fp)) {
+    $res = bzread($fp);
+    if ($res === FALSE) {
+        exit("ERROR: bzread()");
+    }
+    $data .= $res;
+}
+bzclose($fp);
+?>
+DONE
+--EXPECT--
+DONE
\ No newline at end of file