diff options
Diffstat (limited to 'ext/zlib')
| -rw-r--r-- | ext/zlib/php_zlib.h | 4 | ||||
| -rw-r--r-- | ext/zlib/tests/bug.tar | bin | 0 -> 4720640 bytes | |||
| -rw-r--r-- | ext/zlib/tests/bug_40189.phpt | 25 | ||||
| -rw-r--r-- | ext/zlib/tests/bug_40189_2.phpt | 14 | ||||
| -rw-r--r-- | ext/zlib/tests/zlib_filter_inflate2.phpt | 41 | ||||
| -rw-r--r-- | ext/zlib/zlib.c | 4 | ||||
| -rw-r--r-- | ext/zlib/zlib_filter.c | 84 | ||||
| -rw-r--r-- | ext/zlib/zlib_fopen_wrapper.c | 4 |
8 files changed, 131 insertions, 45 deletions
diff --git a/ext/zlib/php_zlib.h b/ext/zlib/php_zlib.h index 047b73f3f..89e6ee213 100644 --- a/ext/zlib/php_zlib.h +++ b/ext/zlib/php_zlib.h @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_zlib.h,v 1.42.2.1.2.2 2007/01/01 09:36:10 sebastian Exp $ */ +/* $Id: php_zlib.h,v 1.42.2.1.2.3 2007/12/31 07:20:14 sebastian Exp $ */ #ifndef PHP_ZLIB_H #define PHP_ZLIB_H diff --git a/ext/zlib/tests/bug.tar b/ext/zlib/tests/bug.tar Binary files differnew file mode 100644 index 000000000..77fd77832 --- /dev/null +++ b/ext/zlib/tests/bug.tar diff --git a/ext/zlib/tests/bug_40189.phpt b/ext/zlib/tests/bug_40189.phpt new file mode 100644 index 000000000..07e5191a9 --- /dev/null +++ b/ext/zlib/tests/bug_40189.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #40189 (endless loop in zlib.inflate stream filter) +--SKIPIF-- +<?php if (!extension_loaded("zlib")) print "skip"; ?> +--FILE-- +<?php +// this string is an excerpt of a phar archive that caused an infinite loop +$a = "\x3\x0\x85\x46\x2f\x7c\xc2\xaa\x69\x2b\x6d\xe5\xdb\xfe\xe4\x21\x8f\x0\x97\x21\x1d\x2\x0\x0\x0\x47\x42\x4d\x42"; +var_dump(base64_encode($a)); +$gp = fopen(dirname(__FILE__) . '/test.other', 'wb'); +$fp = fopen('data://text/plain;base64,AwCFRi98wqppK23l2/7kIY8AlyEdAgAAAEdCTUI=', 'r'); +stream_filter_append($fp, 'zlib.inflate', STREAM_FILTER_READ); +var_dump(stream_copy_to_stream($fp, $gp, 5)); +fclose($fp); +fclose($gp); +var_dump(file_get_contents(dirname(__FILE__) . '/test.other')); +?> +--CLEAN-- +<?php +@unlink(dirname(__FILE__) . '/test.other'); +?> +--EXPECT-- +string(40) "AwCFRi98wqppK23l2/7kIY8AlyEdAgAAAEdCTUI=" +int(0) +string(0) "" diff --git a/ext/zlib/tests/bug_40189_2.phpt b/ext/zlib/tests/bug_40189_2.phpt new file mode 100644 index 000000000..13a19dbd9 --- /dev/null +++ b/ext/zlib/tests/bug_40189_2.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #40189 (test for truncated deflate, also part of erroneous fix for #40189) +--SKIPIF-- +<?php if (!extension_loaded("zlib")) print "skip"; ?> +--FILE-- +<?php +$a = fopen(dirname(__FILE__). '/bug.tar', 'rb'); +stream_filter_append($a, 'zlib.deflate', STREAM_FILTER_READ, array('window' => 15+16)); +$b = fread($a, 4716032); +var_dump(strlen($b)); +// when broken, this outputs "int(686904)" +?> +--EXPECT-- +int(1676116)
\ No newline at end of file diff --git a/ext/zlib/tests/zlib_filter_inflate2.phpt b/ext/zlib/tests/zlib_filter_inflate2.phpt new file mode 100644 index 000000000..028e743ee --- /dev/null +++ b/ext/zlib/tests/zlib_filter_inflate2.phpt @@ -0,0 +1,41 @@ +--TEST-- +zlib.inflate of gzip-encoded stream +--SKIPIF-- +<?php if (!extension_loaded("zlib")) print "skip"; ?> +--FILE-- +<?php /* $Id: zlib_filter_inflate2.phpt,v 1.1.2.3 2008/04/08 08:45:04 jani Exp $ */ + +$a = gzopen(dirname(__FILE__) . '/test.txt.gz', 'w'); +fwrite($a, "This is quite the thing ain't it\n"); +fclose($a); + +$fp = fopen(dirname(__FILE__) . '/test.txt.gz', 'r'); +stream_filter_append($fp, 'zlib.inflate', STREAM_FILTER_READ); +echo fread($fp, 2000); +fclose($fp); +echo "1\n"; +$fp = fopen(dirname(__FILE__) . '/test.txt.gz', 'r'); +// zlib format +$fp = fopen(dirname(__FILE__) . '/test.txt.gz', 'r'); +stream_filter_append($fp, 'zlib.inflate', STREAM_FILTER_READ, array('window' => 15+16)); +echo "2\n"; +echo fread($fp, 2000); +fclose($fp); +// auto-detect +$fp = fopen(dirname(__FILE__) . '/test.txt.gz', 'r'); +stream_filter_append($fp, 'zlib.inflate', STREAM_FILTER_READ, array('window' => 15+32)); +echo "3\n"; +echo fread($fp, 2000); +fclose($fp); + +?> +--CLEAN-- +<?php +@unlink(dirname(__FILE__) . '/test.txt.gz'); +?> +--EXPECT-- +1 +2 +This is quite the thing ain't it +3 +This is quite the thing ain't it
\ No newline at end of file diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c index 2df9aaae3..6b6c45453 100644 --- a/ext/zlib/zlib.c +++ b/ext/zlib/zlib.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -19,7 +19,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zlib.c,v 1.183.2.6.2.5 2007/01/01 09:36:10 sebastian Exp $ */ +/* $Id: zlib.c,v 1.183.2.6.2.6 2007/12/31 07:20:14 sebastian Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" diff --git a/ext/zlib/zlib_filter.c b/ext/zlib/zlib_filter.c index fd3e19c7a..e168c407f 100644 --- a/ext/zlib/zlib_filter.c +++ b/ext/zlib/zlib_filter.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zlib_filter.c,v 1.6.2.2.2.4 2007/01/25 12:22:21 tony2001 Exp $ */ +/* $Id: zlib_filter.c,v 1.6.2.2.2.11 2008/02/12 23:29:18 cellog Exp $ */ #include "php.h" #include "php_zlib.h" @@ -100,11 +100,6 @@ static php_stream_filter_status_t php_zlib_inflate_filter( consumed += desired; bin += desired; - if (!desired) { - flags |= PSFS_FLAG_FLUSH_CLOSE; - break; - } - if (data->strm.avail_out < data->outbuf_len) { php_stream_bucket *out_bucket; size_t bucketlen = data->outbuf_len - data->strm.avail_out; @@ -113,7 +108,12 @@ static php_stream_filter_status_t php_zlib_inflate_filter( data->strm.avail_out = data->outbuf_len; data->strm.next_out = data->outbuf; exit_status = PSFS_PASS_ON; + } else if (status == Z_STREAM_END && data->strm.avail_out >= data->outbuf_len) { + /* no more data to decompress, and nothing was spat out */ + php_stream_bucket_delref(bucket TSRMLS_CC); + return PSFS_PASS_ON; } + } php_stream_bucket_delref(bucket TSRMLS_CC); } @@ -213,11 +213,6 @@ static php_stream_filter_status_t php_zlib_deflate_filter( consumed += desired; bin += desired; - if (!desired) { - flags |= PSFS_FLAG_FLUSH_CLOSE; - break; - } - if (data->strm.avail_out < data->outbuf_len) { php_stream_bucket *out_bucket; size_t bucketlen = data->outbuf_len - data->strm.avail_out; @@ -320,15 +315,17 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f if ((Z_TYPE_P(filterparams) == IS_ARRAY || Z_TYPE_P(filterparams) == IS_OBJECT) && zend_hash_find(HASH_OF(filterparams), "window", sizeof("window"), (void **) &tmpzval) == SUCCESS) { + zval tmp; + /* log-2 base of history window (9 - 15) */ - SEPARATE_ZVAL(tmpzval); - convert_to_long_ex(tmpzval); - if (Z_LVAL_PP(tmpzval) < -MAX_WBITS || Z_LVAL_PP(tmpzval) > MAX_WBITS) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter give for window size. (%ld)", Z_LVAL_PP(tmpzval)); + tmp = **tmpzval; + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + if (Z_LVAL(tmp) < -MAX_WBITS || Z_LVAL(tmp) > MAX_WBITS + 32) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter give for window size. (%ld)", Z_LVAL(tmp)); } else { - windowBits = Z_LVAL_PP(tmpzval); + windowBits = Z_LVAL(tmp); } - zval_ptr_dtor(tmpzval); } } @@ -352,27 +349,33 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f case IS_ARRAY: case IS_OBJECT: if (zend_hash_find(HASH_OF(filterparams), "memory", sizeof("memory"), (void**) &tmpzval) == SUCCESS) { + zval tmp; + + tmp = **tmpzval; + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + /* Memory Level (1 - 9) */ - SEPARATE_ZVAL(tmpzval); - convert_to_long_ex(tmpzval); - if (Z_LVAL_PP(tmpzval) < 1 || Z_LVAL_PP(tmpzval) > MAX_MEM_LEVEL) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter give for memory level. (%ld)", Z_LVAL_PP(tmpzval)); + if (Z_LVAL(tmp) < 1 || Z_LVAL(tmp) > MAX_MEM_LEVEL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter give for memory level. (%ld)", Z_LVAL(tmp)); } else { - memLevel = Z_LVAL_PP(tmpzval); + memLevel = Z_LVAL(tmp); } - zval_ptr_dtor(tmpzval); } if (zend_hash_find(HASH_OF(filterparams), "window", sizeof("window"), (void**) &tmpzval) == SUCCESS) { + zval tmp; + + tmp = **tmpzval; + zval_copy_ctor(&tmp); + convert_to_long(&tmp); + /* log-2 base of history window (9 - 15) */ - SEPARATE_ZVAL(tmpzval); - convert_to_long_ex(tmpzval); - if (Z_LVAL_PP(tmpzval) < -MAX_WBITS || Z_LVAL_PP(tmpzval) > MAX_WBITS) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter give for window size. (%ld)", Z_LVAL_PP(tmpzval)); + if (Z_LVAL(tmp) < -MAX_WBITS || Z_LVAL(tmp) > MAX_WBITS + 16) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter give for window size. (%ld)", Z_LVAL(tmp)); } else { - windowBits = Z_LVAL_PP(tmpzval); + windowBits = Z_LVAL(tmp); } - zval_ptr_dtor(tmpzval); } if (zend_hash_find(HASH_OF(filterparams), "level", sizeof("level"), (void**) &tmpzval) == SUCCESS) { @@ -383,17 +386,20 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f case IS_STRING: case IS_DOUBLE: case IS_LONG: - tmpzval = &filterparams; + { + zval tmp; + + tmp = *filterparams; + zval_copy_ctor(&tmp); + convert_to_long(&tmp); factory_setlevel: - /* Set compression level within reason (-1 == default, 0 == none, 1-9 == least to most compression */ - SEPARATE_ZVAL(tmpzval); - convert_to_long_ex(tmpzval); - if (Z_LVAL_PP(tmpzval) < -1 || Z_LVAL_PP(tmpzval) > 9) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid compression level specified. (%ld)", Z_LVAL_PP(tmpzval)); - } else { - level = Z_LVAL_PP(tmpzval); + /* Set compression level within reason (-1 == default, 0 == none, 1-9 == least to most compression */ + if (Z_LVAL(tmp) < -1 || Z_LVAL(tmp) > 9) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid compression level specified. (%ld)", Z_LVAL(tmp)); + } else { + level = Z_LVAL(tmp); + } } - zval_ptr_dtor(tmpzval); break; default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filter parameter, ignored."); diff --git a/ext/zlib/zlib_fopen_wrapper.c b/ext/zlib/zlib_fopen_wrapper.c index e1153ece3..926a179df 100644 --- a/ext/zlib/zlib_fopen_wrapper.c +++ b/ext/zlib/zlib_fopen_wrapper.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zlib_fopen_wrapper.c,v 1.46.2.1.2.4 2007/05/08 12:08:17 dmitry Exp $ */ +/* $Id: zlib_fopen_wrapper.c,v 1.46.2.1.2.5 2007/12/31 07:20:14 sebastian Exp $ */ #define _GNU_SOURCE |