ZipArchive segfault with FL_UNCHANGED on empty archive

Bug #53885 ZipArchive segfault with FL_UNCHANGED on empty archive
Submitted: 2011-01-30 23:15 UTC Modified: 2011-01-30 23:31 UTC
From: stas@php.net Assigned: stas (profile)
Status: Closed Package: Zip Related
PHP Version: 5.3SVN-2011-01-30 (SVN) OS: *
Private report: No CVE-ID: None

 [2011-01-30 23:15 UTC] stas@php.net

Description:
------------
From Maksymilian Arciemowicz:


PoC1:
php -r '$nx=new ZipArchive();$nx->open("/dev/null");$nx->locateName("a",ZIPARCHIVE::FL_UNCHANGED);'

PoC2:
php -r '$nx=new ZipArchive();$nx->open("empty.zip");$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);'


Segfault in _zip_name_locate.
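The crash site named above is libzip's name lookup: with FL_UNCHANGED it walks the central directory read from disk, which an empty archive (or /dev/null) does not have. The following is an added, simplified C model of that lookup with the missing-directory guard in place; it is not libzip's or PHP's code, and the struct layout and the name `name_locate` are assumptions for illustration.

```c
/* Constructed model of a libzip-style name lookup, not the library's code. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ZIP_FL_UNCHANGED 8   /* libzip flag: search the original, unmodified entry list */

struct zip_entry { const char *filename; };
struct zip_cdir  { int nentry; struct zip_entry *entry; };  /* central directory from disk */
struct zip {
    struct zip_cdir  *cdir;    /* NULL when the file had no central directory (empty archive) */
    int               nentry;  /* current, possibly modified, entry count */
    struct zip_entry *entry;   /* current entry list */
};

/* Returns the index of fname, or -1 if absent or the request is invalid.
 * With ZIP_FL_UNCHANGED the search uses za->cdir, so a NULL cdir has to be
 * rejected before it is dereferenced; skipping that check is the class of
 * defect the report describes (a NULL pointer read in the lookup). */
int name_locate(const struct zip *za, const char *fname, int flags)
{
    if (za == NULL || fname == NULL)
        return -1;
    if ((flags & ZIP_FL_UNCHANGED) && za->cdir == NULL)
        return -1;   /* guard: there is no unmodified entry list to search */

    int n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
    for (int i = 0; i < n; i++) {
        const char *fn = (flags & ZIP_FL_UNCHANGED) ? za->cdir->entry[i].filename
                                                    : za->entry[i].filename;
        if (fn != NULL && strcmp(fn, fname) == 0)
            return i;
    }
    return -1;
}

int main(void)
{
    /* Constructed state equivalent to open("/dev/null"): no central directory. */
    struct zip empty = { NULL, 0, NULL };
    printf("%d\n", name_locate(&empty, "a", ZIP_FL_UNCHANGED));  /* -1 instead of a crash */
    return 0;
}
```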


History


 [2011-01-30 23:30 UTC] stas@php.net

-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: stas

 [2011-01-30 23:30 UTC] stas@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2011-01-30 23:31 UTC] stas@php.net

-Package: Zlib related
+Package: Zip Related