From: Greg Beaver <cellog@php.net>
Date: Thu, 11 Sep 2008 03:29:42 +0000 (+0000)
Subject: MFPHP5: fix Bug #46032: PharData::__construct wrong memory read
X-Git-Tag: BEFORE_HEAD_NS_CHANGE~437
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6391270b8560b0336e1adc3c03789a67e4ee2b5b;p=php

MFPHP5: fix Bug #46032: PharData::__construct wrong memory read
---

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index db82767e4f..a2d00cec94 100755
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1165,10 +1165,10 @@ PHP_METHOD(Phar, __construct)
 		return;
 	}
 
+	save_fname = fname;
 	if (SUCCESS == phar_split_fname(fname, fname_len, &arch, &arch_len, &entry, &entry_len, !is_data, 2 TSRMLS_CC)) {
 		/* use arch (the basename for the archive) for fname instead of fname */
 		/* this allows support for RecursiveDirectoryIterator of subdirectories */
-		save_fname = fname;
 #ifdef PHP_WIN32
 		phar_unixify_path_separators(arch, arch_len);
 #endif
@@ -1178,7 +1178,6 @@ PHP_METHOD(Phar, __construct)
 	} else {
 		arch = estrndup(fname, fname_len);
 		arch_len = fname_len;
-		save_fname = fname;
 		fname = arch;
 		phar_unixify_path_separators(arch, arch_len);
 #endif
@@ -1186,7 +1185,7 @@ PHP_METHOD(Phar, __construct)
 
 	if (phar_open_or_create_filename(fname, fname_len, alias, alias_len, is_data, REPORT_ERRORS, &phar_data, &error TSRMLS_CC) == FAILURE) {
 
-		if (fname == arch) {
+		if (fname == arch && fname != save_fname) {
 			efree(arch);
 			fname = save_fname;
 		}
diff --git a/ext/phar/tests/bug46032.phpt b/ext/phar/tests/bug46032.phpt
new file mode 100644
index 0000000000..be42b04b5c
--- /dev/null
+++ b/ext/phar/tests/bug46032.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Phar: bug #46032: PharData::__construct wrong memory read
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+<?php if (getenv('SKIP_SLOW_TESTS')) die('skip'); ?>
+--FILE--
+<?php
+
+$a = __DIR__ .'/mytest';
+
+try {
+	new phar($a);
+} catch (exception $e) { }
+
+var_dump($a);
+
+try {
+	new phar($a);
+} catch (exception $e) { }
+
+var_dump($a);
+
+new phardata('0000000000000000000');
+?>
+===DONE===
+--EXPECTF--
+string(%d) "%smytest"
+string(%d) "%smytest"
+
+Fatal error: Uncaught exception 'UnexpectedValueException' with message 'Cannot create phar '0000000000000000000', file extension (or combination) not recognised' in %sbug46032.php:%d
+Stack trace:
+#0 /home/cellog/workspace/php5/ext/phar/tests/bug46032.php(%d): PharData->__construct('000000000000000...')
+#1 {main}
+  thrown in %sbug46032.php on line %d
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 0723cd2508..573bd42a2d 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1186,6 +1186,10 @@ int phar_free_alias(phar_archive_data *phar, char *alias, int alias_len TSRMLS_D
 }
 /* }}} */
 
+static int phar_retrieve_apc(fname, fname_len, archive)
+{
+}
+
 /**
  * Looks up a phar archive in the filename map, connecting it to the alias
  * (if any) or returns null
@@ -1381,11 +1385,18 @@ realpath_success:
 
 			return SUCCESS;
 		}
+<<<<<<< util.c
+		if (SUCCESS == phar_retrieve_apc(fname, fname_len, archive)) {
+			efree(my_realpath);
+			return SUCCESS;
+		}
+=======
 
 		if (PHAR_G(manifest_cached) && SUCCESS == zend_hash_quick_find(&cached_phars, fname, fname_len, fhash, (void**)&fd_ptr)) {
 			goto realpath_success;
 		}
 
+>>>>>>> 1.60
 		efree(my_realpath);
 	}