From 08f08858f3bc62fac9150ca5b669df060b5af5a5 Mon Sep 17 00:00:00 2001 From: timurib Date: Mon, 25 Jun 2018 14:14:26 +0300 Subject: [PATCH] Fix bug #76524 - ZipArchive memory leak Bugfix #76524: Free up zip internal state and adjust the tests for Windows Bugfix #76524: Fix possible use after free for libzip 1.3.1 Bugfix #76524: Make the test independent of platform --- ext/zip/php_zip.c | 7 +++++-- ext/zip/tests/bug76524.phpt | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 ext/zip/tests/bug76524.phpt diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index ade0b991737..cdf77f20cd3 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -1003,10 +1003,13 @@ static void php_zip_object_free_storage(zend_object *object) /* {{{ */ } if (intern->za) { if (zip_close(intern->za) != 0) { +#if LIBZIP_VERSION_MAJOR == 1 && LIBZIP_VERSION_MINOR == 3 && LIBZIP_VERSION_MICRO == 1 + php_error_docref(NULL, E_WARNING, "Cannot destroy the zip context: %s", "zip_close have failed"); +#else php_error_docref(NULL, E_WARNING, "Cannot destroy the zip context: %s", zip_strerror(intern->za)); - return; + zip_discard(intern->za); +#endif } - intern->za = NULL; } if (intern->buffers_cnt>0) { diff --git a/ext/zip/tests/bug76524.phpt b/ext/zip/tests/bug76524.phpt new file mode 100644 index 00000000000..f28bfc13f23 --- /dev/null +++ b/ext/zip/tests/bug76524.phpt @@ -0,0 +1,21 @@ +--TEST-- +ZipArchive Bug #76524 (memory leak with ZipArchive::OVERWRITE flag and empty archive) +--SKIPIF-- + +--FILE-- +open($filename, ZipArchive::CREATE | ZipArchive::OVERWRITE); +echo 'ok'; + +/* Zip-related error messages depend on platform and libzip version, + so the regex is used to check that Zend MM does NOT show warnings + about leaks: */ +?> +--EXPECTREGEX-- +ok((?!memory leaks detected).)*