php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.4' into PHP-8.5

Browse Source 
* PHP-8.4:
  bz2: Fix truncation of total output size causing erroneous errors
This commit is contained in:
ndossche
2026-02-27 23:47:13 +01:00
parent 7a8a8633ce 4ee95fc2f3
commit 9248a6c70e
3 changed files with 26 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -2,6 +2,9 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.5.5
- Bz2:
. Fix truncation of total output size causing erroneous errors. (ndossche)
- Opcache:
. Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached
script). (ilutov)

17
ext/bz2/bz2.c
View File

@@ -511,11 +511,7 @@ PHP_FUNCTION(bzdecompress)
size_t source_len;
int error;
bool small = 0;
#ifdef PHP_WIN32
unsigned __int64 size = 0;
#else
unsigned long long size = 0;
#endif
uint64_t size = 0;
bz_stream bzs;
if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS(), "s|b", &source, &source_len, &small)) {
@@ -541,27 +537,22 @@ PHP_FUNCTION(bzdecompress)
while ((error = BZ2_bzDecompress(&bzs)) == BZ_OK && bzs.avail_in > 0) {
/* compression is better then 2:1, need to allocate more memory */
bzs.avail_out = source_len;
size = (bzs.total_out_hi32 * (unsigned int) -1) + bzs.total_out_lo32;
#ifndef ZEND_ENABLE_ZVAL_LONG64
size = (((uint64_t) bzs.total_out_hi32) << 32U) + bzs.total_out_lo32;
if (size > SIZE_MAX) {
/* no reason to continue if we're going to drop it anyway */
break;
}
#endif
dest = zend_string_safe_realloc(dest, 1, bzs.avail_out+1, (size_t) size, 0);
bzs.next_out = ZSTR_VAL(dest) + size;
}
if (error == BZ_STREAM_END || error == BZ_OK) {
size = (bzs.total_out_hi32 * (unsigned int) -1) + bzs.total_out_lo32;
#ifndef ZEND_ENABLE_ZVAL_LONG64
size = (((uint64_t) bzs.total_out_hi32) << 32U) + bzs.total_out_lo32;
if (UNEXPECTED(size > SIZE_MAX)) {
php_error_docref(NULL, E_WARNING, "Decompressed size too big, max is %zd", SIZE_MAX);
zend_string_efree(dest);
RETVAL_LONG(BZ_MEM_ERROR);
} else
#endif
{
} else {
dest = zend_string_safe_realloc(dest, 1, (size_t)size, 1, 0);
ZSTR_LEN(dest) = (size_t)size;
ZSTR_VAL(dest)[(size_t)size] = '\0';

19
ext/bz2/tests/gh20807.phpt Normal file
View File

File diff suppressed because one or more lines are too long