PHP :: Bug #43589 :: infinite loop in bz2_filter.c
| Bug #43589 | infinite loop in bz2_filter.c | | |
|---|---|---|---|
| Submitted: | 2007-12-13 19:32 UTC | Modified: | 2007-12-16 17:22 UTC |
| From: | greg at chiaraquartet dot net | Assigned: | |
| Status: | Closed | Package: | Streams related |
| PHP Version: | 5.3CVS-2007-12-13 (CVS) | OS: | n/a |
| Private report: | No | CVE-ID: | None |
[2007-12-13 19:32 UTC] greg at chiaraquartet dot net
Description:
------------
An endless loop is possible in the bz2 stream filter bzip2.decompress if status == BZ_OK and data->strm.avail_out < data->outbuf_len
Reproduce code:
---------------
Index: ext/bz2/bz2_filter.c
===================================================================
RCS file: /repository/php-src/ext/bz2/bz2_filter.c,v
retrieving revision 1.3.2.2.2.5
diff -u -r1.3.2.2.2.5 bz2_filter.c
--- ext/bz2/bz2_filter.c 9 Aug 2007 23:27:22 -0000 1.3.2.2.2.5
+++ ext/bz2/bz2_filter.c 13 Dec 2007 19:29:27 -0000
@@ -132,6 +132,8 @@
data->strm.avail_out = data->outbuf_len;
data->strm.next_out = data->outbuf;
exit_status = PSFS_PASS_ON;
+ } else {
+ break;
}
}
}
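Review bot: the "else" added after "exit_status = PSFS_PASS_ON;" breaks unconditionally, while the report ties the endless loop to status == BZ_OK. As written, the branch leaves the loop for every status value that reaches it, not only the one described. Suggest making the condition explicit ("} else if (status == BZ_OK) {") and adding a one-line comment naming the state it guards against. A regression test with input that reproduces the hang would let the fix be verified.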
[2007-12-13 19:35 UTC] cellog@php.net
bad patch - missing if condition:
Index: ext/bz2/bz2_filter.c =================================================================== RCS file: /repository/php-src/ext/bz2/bz2_filter.c,v retrieving revision 1.3.2.2.2.5 diff -u -r1.3.2.2.2.5 bz2_filter.c --- ext/bz2/bz2_filter.c 9 Aug 2007 23:27:22 -0000 1.3.2.2.2.5 +++ ext/bz2/bz2_filter.c 13 Dec 2007 19:34:48 -0000 @@ -132,6 +132,8 @@ data->strm.avail_out = data->outbuf_len; data->strm.next_out = data->outbuf; exit_status = PSFS_PASS_ON; + } elseif (status == BZ_OK) { + break; } } }
[2007-12-16 17:22 UTC] iliaa@php.net
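Review bot: "elseif" in the added line "} elseif (status == BZ_OK) {" is not a C keyword, so this revision will not compile in bz2_filter.c; it needs to be "else if (status == BZ_OK)". The new branch would also benefit from a short comment stating why a BZ_OK status at this point has to leave the loop, since the hunk does not show the enclosing condition.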