From 1c1b8b69982375700d4b011eb89ea48b66dbd5aa Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 16 Jan 2016 20:43:43 -0800 Subject: [PATCH] Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata() --- ext/phar/tar.c | 3 +++ ext/phar/tests/bug71391.phpt | 18 ++++++++++++++++++ ext/phar/tests/bug71391.tar | Bin 0 -> 3584 bytes 3 files changed, 21 insertions(+) create mode 100644 ext/phar/tests/bug71391.phpt create mode 100644 ext/phar/tests/bug71391.tar diff --git a/ext/phar/tar.c b/ext/phar/tar.c index 34ef0ef892..5f2680590e 100644 --- a/ext/phar/tar.c +++ b/ext/phar/tar.c @@ -880,6 +880,9 @@ static int phar_tar_setupmetadata(void *pDest, void *argument TSRMLS_DC) /* {{{ if (entry->filename_len >= sizeof(".phar/.metadata") && !memcmp(entry->filename, ".phar/.metadata", sizeof(".phar/.metadata")-1)) { if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) { + if (entry->phar->metadata == NULL) { + return ZEND_HASH_APPLY_REMOVE; + } return phar_tar_setmetadata(entry->phar->metadata, entry, error TSRMLS_CC); } /* search for the file this metadata entry references */ diff --git a/ext/phar/tests/bug71391.phpt b/ext/phar/tests/bug71391.phpt new file mode 100644 index 0000000000..b8d84f5375 --- /dev/null +++ b/ext/phar/tests/bug71391.phpt @@ -0,0 +1,18 @@ +--TEST-- +Phar: bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata() +--SKIPIF-- + +--FILE-- +delMetaData(); +?> +DONE +--CLEAN-- + +--EXPECT-- +DONE \ No newline at end of file diff --git a/ext/phar/tests/bug71391.tar b/ext/phar/tests/bug71391.tar new file mode 100644 index 0000000000000000000000000000000000000000..a5b155ac87f42c5b059f0b236f47e41e9d5eb71d GIT binary patch literal 3584 zcmeHH(F(#a4D6@KK43Ooo5B2=48`riDO>%2)6G5=d@?d2_t4UVUcwy-5s?vwWgucv zCGl?K(T{4sxkHGf3#&^9T5 z^sUqU1vAOgzsNt=(tCdn)Q^GYW6eu|&J?Nc$LZ@$ruk