Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4: Fix #80384: limit read buffer size
2025-08-16 05:58:45 +02:00 · 2020-12-23 13:52:24 +01:00 · 2020-12-23 13:52:24 +01:00 · 7d9ddd61ec
commit 7d9ddd61ec
parent 288332077f 70dfbe0068
4 changed files with 33 additions and 2 deletions
--- a/2
+++ b/2
@ -4,6 +4,8 @@ PHP                                                                        NEWS
 - Core:
  . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita)
  . Fixed bug #80384 (filter buffers entire read until file closed). (Adam
    Seitz, cmb)
 - Date:
  . Fixed bug #80376 (last day of the month causes runway cpu usage). (Derick)
--- a/ext/standard/tests/streams/bug79984.phpt
+++ b/ext/standard/tests/streams/bug79984.phpt
@ -52,6 +52,6 @@ fclose($f2);
 --EXPECT--
 filter onCreate
 filtered 8192 bytes.
-filtered 128 bytes and closing.
+filtered 128 bytes and closing. Stream has reached end-of-file.
 int(8320)
 filter onClose
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@ -540,6 +540,7 @@ PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size)
 	/* allocate/fill the buffer */
 	if (stream->readfilters.head) {
 		size_t to_read_now = MIN(size, stream->chunk_size);
 		char *chunk_buf;
 		php_stream_bucket_brigade brig_in = { NULL, NULL }, brig_out = { NULL, NULL };
 		php_stream_bucket_brigade *brig_inp = &brig_in, *brig_outp = &brig_out, *brig_swap;
@ -547,7 +548,7 @@ PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size)
 		/* allocate a buffer for reading chunks */
 		chunk_buf = emalloc(stream->chunk_size);
-		while (!stream->eof && (stream->writepos - stream->readpos < (zend_off_t)size)) {
+		while (!stream->eof && (stream->writepos - stream->readpos < (zend_off_t)to_read_now)) {
 			ssize_t justread = 0;
 			int flags;
 			php_stream_bucket *bucket;
--- a/tests/basic/bug80384.phpt
+++ b/tests/basic/bug80384.phpt
@ -0,0 +1,28 @@
 --TEST--
 Bug #80384 large reads cause filters to internally buffer large amounts of memory
 --FILE--
 <?php
 /* First, create a file to read */
 $tmp_filename = __DIR__ . "/bug80384.tmp";
 $fp = fopen($tmp_filename, 'w');
 for ($i=0; $i<1024; $i++) {
    fwrite($fp, str_repeat('ABCDEFGH', 1024));
 }
 fclose($fp);
 /* Stream the file through a filter */
 $fp = fopen($tmp_filename, 'r');
 $filter = stream_filter_append($fp, "string.rot13");
 $mem_start = memory_get_usage();
 fread($fp, 8 * 1024 * 1024);
 $mem_final = memory_get_usage();
 fclose($fp);
 var_dump($mem_final - $mem_start < 32768);
 ?>
 --CLEAN--
 <?php
 unlink(__DIR__ . "/bug80384.tmp");
 ?>
 --EXPECT--
 bool(true)