archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix #81092: fflush before stream_filter_remove corrupts stream

Browse source 
When doing a non finishing flush, BZ2_bzCompress() returns BZ_FLUSH_OK
(not BZ_FINISH_OK) what requires us to do further flushes right away.

We also refactor the while-loop as do-loop.

Closes GH-7113.
This commit is contained in:
Christoph M. Becker 2021-06-07 15:57:25 +02:00
parent d8165c2502
commit a1738d8bd1
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
3 changed files with 28 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -10,6 +10,10 @@ PHP NEWS
. Fixed bug #81070 (Integer underflow in memory limit comparison).
(Peter van Dommelen)
- Bzip2:
. Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
(cmb)
- OpenSSL:
. Fixed bug #76694 (native Windows cert verification uses CN as sever name).
(cmb)

5
ext/bz2/bz2_filter.c
View file

@ -268,8 +268,7 @@ static php_stream_filter_status_t php_bz2_compress_filter(
if (flags & PSFS_FLAG_FLUSH_CLOSE || ((flags & PSFS_FLAG_FLUSH_INC) && !data->is_flushed)) {
/* Spit it out! */
status = BZ_FINISH_OK;
while (status == BZ_FINISH_OK) {
do {
status = BZ2_bzCompress(&(data->strm), (flags & PSFS_FLAG_FLUSH_CLOSE ? BZ_FINISH : BZ_FLUSH));
data->is_flushed = 1;
if (data->strm.avail_out < data->outbuf_len) {
@ -281,7 +280,7 @@ static php_stream_filter_status_t php_bz2_compress_filter(
data->strm.next_out = data->outbuf;
exit_status = PSFS_PASS_ON;
}
}
} while (status == (flags & PSFS_FLAG_FLUSH_CLOSE ? BZ_FINISH_OK : BZ_FLUSH_OK));
}
if (bytes_consumed) {

22
ext/bz2/tests/bug81092.phpt Normal file
View file

@ -0,0 +1,22 @@
--TEST--
Bug #81092 (fflush before stream_filter_remove corrupts stream)
--SKIPIF--
<?php
if (!extension_loaded('bz2')) die('skip bz2 extension not available');
?>
--FILE--
<?php
$stream = fopen(__DIR__ . "/81092.bz2", 'wb+');
$filter = stream_filter_append($stream, 'bzip2.compress', STREAM_FILTER_WRITE, ['blocks' => 9, 'work' => 0]);
fwrite($stream, random_bytes(8192));
fflush($stream);
stream_filter_remove($filter);
var_dump(strlen(bzdecompress(file_get_contents(__DIR__ . "/81092.bz2"))));
?>
--CLEAN--
<?php
@unlink(__DIR__ . "/81092.bz2");
?>
--EXPECT--
int(8192)