From b09ed9a0f25cda8c9eea9d140c01587cd50b4aa8 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 22 Dec 2024 12:14:16 +0100
Subject: [PATCH] Use format string to cut off filename instead of duplicating
 memory

Split off from GH-17240.
---
 ext/phar/phar_object.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index dbc3f91b983..462e815b90a 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -4169,9 +4169,7 @@ static zend_result phar_extract_file(bool overwrite, phar_entry_info *entry, cha
 	if (virtual_file_ex(&new_state, entry->filename, NULL, CWD_EXPAND) != 0 ||
 			new_state.cwd_length <= 1) {
 		if (EINVAL == errno && entry->filename_len > 50) {
-			char *tmp = estrndup(entry->filename, 50);
-			spprintf(error, 4096, "Cannot extract \"%s...\" to \"%s...\", extracted filename is too long for filesystem", tmp, dest);
-			efree(tmp);
+			spprintf(error, 4096, "Cannot extract \"%.50s...\" to \"%s...\", extracted filename is too long for filesystem", entry->filename, dest);
 		} else {
 			spprintf(error, 4096, "Cannot extract \"%s\", internal error", entry->filename);
 		}
@@ -4196,13 +4194,10 @@ static zend_result phar_extract_file(bool overwrite, phar_entry_info *entry, cha
 	len = spprintf(&fullpath, 0, "%s/%s", dest, filename);
 
 	if (len >= MAXPATHLEN) {
-		char *tmp;
 		/* truncate for error message */
 		fullpath[50] = '\0';
 		if (entry->filename_len > 50) {
-			tmp = estrndup(entry->filename, 50);
-			spprintf(error, 4096, "Cannot extract \"%s...\" to \"%s...\", extracted filename is too long for filesystem", tmp, fullpath);
-			efree(tmp);
+			spprintf(error, 4096, "Cannot extract \"%.50s...\" to \"%s...\", extracted filename is too long for filesystem", entry->filename, fullpath);
 		} else {
 			spprintf(error, 4096, "Cannot extract \"%s\" to \"%s...\", extracted filename is too long for filesystem", entry->filename, fullpath);
 		}