From 4a2b458835beb22df12e4398e1b4aa06e4716a8a Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Sun, 30 Jan 2011 22:28:57 +0000
Subject: [PATCH] fix bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
---
 NEWS | 2 ++
 ext/zip/lib/zip_name_locate.c | 4 ++++
 ext/zip/tests/bug53885.phpt | 19 +++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 ext/zip/tests/bug53885.phpt
diff --git a/NEWS b/NEWS
index 7a52ee4e75..032190a355 100644
--- a/NEWS
+++ b/NEWS
@@ -154,6 +154,8 @@
 . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at gmail dot com, Gustavo)
 . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
+ . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive).
+ (Stas, Maksymilian Arciemowicz).
 06 Jan 2011, PHP 5.3.5
 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott,
diff --git a/ext/zip/lib/zip_name_locate.c b/ext/zip/lib/zip_name_locate.c
index e8b35ff936..96c4f937e0 100644
--- a/ext/zip/lib/zip_name_locate.c
+++ b/ext/zip/lib/zip_name_locate.c
@@ -60,6 +60,10 @@ _zip_name_locate(struct zip *za, const char *fname, int flags,
 return -1;
 }
+ if((flags & ZIP_FL_UNCHANGED) && !za->cdir) {
+ return -1;
+ }
+
 cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;
 n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
diff --git a/ext/zip/tests/bug53885.phpt b/ext/zip/tests/bug53885.phpt
new file mode 100644
index 0000000000..d59bf8f034
--- /dev/null
+++ b/ext/zip/tests/bug53885.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive)
+--SKIPIF--
+
+--FILE--
+open($fname);
+$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED);
+$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);
+?>
+==DONE==
+--EXPECTF--
+==DONE==
-- 
2.50.1
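Review bot: The added guard returns -1 without recording an error on the archive, whereas the branch just above it presumably pairs its `return -1;` with `_zip_error_set` as is the convention in libzip; a caller that inspects the archive's error state afterwards would see a stale or empty reason rather than "not found". Consider `_zip_error_set(&za->error, ZIP_ER_NOENT, 0);` before the return, plus a why-comment such as `/* no central directory yet (new or empty archive): nothing "unchanged" can match */`, since the reason for special-casing ZIP_FL_UNCHANGED is only evident from the `za->cdir->nentry` dereference on the last context line. The condition is sufficient for that dereference, because cdir is only read here when ZIP_FL_UNCHANGED is set. As a matter of style, `if((flags` lacks the space after `if`, and `!za->cdir` could be written `za->cdir == NULL` if that is what the surrounding lines use. _zip_name_locate begins and ends outside the hunk.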
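Review bot: The expected output is only `==DONE==`, so the test shows that the two calls no longer crash but does not pin what they return; a later regression that made locateName() return an index into a non-existent central directory would still pass. Wrapping the calls as `var_dump($nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED));` and `var_dump($nx->statName("a",ZIPARCHIVE::FL_UNCHANGED));` with `bool(false)` twice in --EXPECTF-- would make the test assert the fixed behaviour. The SKIPIF section and the start of the FILE section appear to have been lost on this page (the `<?php` blocks are missing), so the archive setup and the open() result cannot be reviewed here.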