From a78fd15fae0811e459f0b6f90938f1f12e8bee73 Mon Sep 17 00:00:00 2001
From: Greg Beaver <cellog@php.net>
Date: Mon, 28 Apr 2008 22:57:21 +0000
Subject: [PATCH] fix double free and broken stat.phpt

---
 ext/phar/func_interceptors.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ext/phar/func_interceptors.c b/ext/phar/func_interceptors.c
index b456968dae..db28631638 100644
--- a/ext/phar/func_interceptors.c
+++ b/ext/phar/func_interceptors.c
@@ -56,6 +56,7 @@ PHAR_FUNC(phar_opendir) /* {{{ */
 			entry_len = filename_len;
 			if (strstr(entry, "://")) {
 				efree(arch);
+				efree(entry);
 				goto skip_phar;
 			}
 			/* retrieving a file within the current directory, so use this if possible */
@@ -577,14 +578,14 @@ void phar_file_stat(const char *filename, php_stat_len filename_length, int type
 			phar_archive_data **pphar;
 
 			efree(entry);
-			entry = (char *)filename;
+			entry = estrndup(filename, filename_length);
 			/* fopen within phar, if :// is not in the url, then prepend phar://<archive>/ */
 			entry_len = (int) filename_length;
 			if (FAILURE == (zend_hash_find(&(PHAR_GLOBALS->phar_fname_map), arch, arch_len, (void **) &pphar))) {
 				efree(arch);
 				goto skip_phar;
 			}
-			entry = phar_fix_filepath(estrndup(entry, entry_len), &entry_len, 1 TSRMLS_CC);
+			entry = phar_fix_filepath(entry, &entry_len, 1 TSRMLS_CC);
 			if (SUCCESS == zend_hash_find(&((*pphar)->manifest), entry, entry_len, (void **) &data)) {
 				efree(entry);
 				goto stat_entry;
@@ -593,11 +594,11 @@ void phar_file_stat(const char *filename, php_stat_len filename_length, int type
 				int save_len = PHAR_G(cwd_len), save2_len = entry_len;
 
 				/* this file is not in the current directory, use the original path */
-				entry = (char *)filename;
+				entry = estrndup(filename, filename_length);
 				PHAR_G(cwd) = "/";
 				PHAR_G(cwd_len) = 0;
 				/* clean path without cwd */
-				entry = phar_fix_filepath(estrndup(entry, entry_len), &entry_len, 1 TSRMLS_CC);
+				entry = phar_fix_filepath(entry, &entry_len, 1 TSRMLS_CC);
 				if (SUCCESS == zend_hash_find(&((*pphar)->manifest), entry + 1, entry_len - 1, (void **) &data)) {
 					PHAR_G(cwd) = save;
 					PHAR_G(cwd_len) = save_len;
-- 
2.50.1