mirror of
https://github.com/php/php-src.git
synced 2026-03-24 00:02:20 +01:00
Merge branch 'PHP-8.5'
* PHP-8.5: Fix assertion failures resulting in crashes with stream filter object parameters
This commit is contained in:
Niels Dossche
@@ -337,12 +337,14 @@ static php_stream_filter *php_bz2_filter_create(const char *filtername, zval *fi
|
||||
zval *tmpzval = NULL;
|
||||
|
||||
if (Z_TYPE_P(filterparams) == IS_ARRAY || Z_TYPE_P(filterparams) == IS_OBJECT) {
|
||||
if ((tmpzval = zend_hash_str_find(HASH_OF(filterparams), "concatenated", sizeof("concatenated")-1))) {
|
||||
HashTable *ht = HASH_OF(filterparams);
|
||||
|
||||
if ((tmpzval = zend_hash_str_find_ind(ht, "concatenated", sizeof("concatenated")-1))) {
|
||||
data->expect_concatenated = zend_is_true(tmpzval);
|
||||
tmpzval = NULL;
|
||||
}
|
||||
|
||||
tmpzval = zend_hash_str_find(HASH_OF(filterparams), "small", sizeof("small")-1);
|
||||
tmpzval = zend_hash_str_find_ind(ht, "small", sizeof("small")-1);
|
||||
} else {
|
||||
tmpzval = filterparams;
|
||||
}
|
||||
@@ -362,7 +364,9 @@ static php_stream_filter *php_bz2_filter_create(const char *filtername, zval *fi
|
||||
zval *tmpzval;
|
||||
|
||||
if (Z_TYPE_P(filterparams) == IS_ARRAY || Z_TYPE_P(filterparams) == IS_OBJECT) {
|
||||
if ((tmpzval = zend_hash_str_find(HASH_OF(filterparams), "blocks", sizeof("blocks")-1))) {
|
||||
HashTable *ht = HASH_OF(filterparams);
|
||||
|
||||
if ((tmpzval = zend_hash_str_find_ind(ht, "blocks", sizeof("blocks")-1))) {
|
||||
/* How much memory to allocate (1 - 9) x 100kb */
|
||||
zend_long blocks = zval_get_long(tmpzval);
|
||||
if (blocks < 1 || blocks > 9) {
|
||||
@@ -372,7 +376,7 @@ static php_stream_filter *php_bz2_filter_create(const char *filtername, zval *fi
|
||||
}
|
||||
}
|
||||
|
||||
if ((tmpzval = zend_hash_str_find(HASH_OF(filterparams), "work", sizeof("work")-1))) {
|
||||
if ((tmpzval = zend_hash_str_find_ind(ht, "work", sizeof("work")-1))) {
|
||||
/* Work Factor (0 - 250) */
|
||||
zend_long work = zval_get_long(tmpzval);
|
||||
if (work < 0 || work > 250) {
|
||||
|
||||
25
ext/bz2/tests/filter_broken_object_options.phpt
Normal file
25
ext/bz2/tests/filter_broken_object_options.phpt
Normal file
@@ -0,0 +1,25 @@
|
||||
--TEST--
|
||||
bz2 filter assertion failure with non-dynamic properties in filter param object
|
||||
--EXTENSIONS--
|
||||
bz2
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
class ParamsCompress {
|
||||
public int $blocks = 5;
|
||||
public int $work = 10;
|
||||
}
|
||||
|
||||
class ParamsDecompress {
|
||||
public bool $concatenated = true;
|
||||
public bool $small = true;
|
||||
}
|
||||
|
||||
$fp = fopen('php://stdout', 'w');
|
||||
stream_filter_append($fp, 'bzip2.compress', STREAM_FILTER_WRITE, new ParamsCompress);
|
||||
stream_filter_append($fp, 'bzip2.decompress', STREAM_FILTER_WRITE, new ParamsDecompress);
|
||||
fwrite($fp, "Hello world, hopefully not broken\n");
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
Hello world, hopefully not broken
|
||||
@@ -209,18 +209,18 @@ static php_stream * phar_wrapper_open_url(php_stream_wrapper *wrapper, const cha
|
||||
php_url_free(resource);
|
||||
efree(internal_file);
|
||||
|
||||
if (context && Z_TYPE(context->options) != IS_UNDEF && (pzoption = zend_hash_str_find(HASH_OF(&context->options), "phar", sizeof("phar")-1)) != NULL) {
|
||||
if (context && Z_TYPE(context->options) != IS_UNDEF && (pzoption = zend_hash_str_find_ind(HASH_OF(&context->options), "phar", sizeof("phar")-1)) != NULL) {
|
||||
pharcontext = HASH_OF(pzoption);
|
||||
if (idata->internal_file->uncompressed_filesize == 0
|
||||
&& idata->internal_file->compressed_filesize == 0
|
||||
&& (pzoption = zend_hash_str_find(pharcontext, "compress", sizeof("compress")-1)) != NULL
|
||||
&& (pzoption = zend_hash_str_find_ind(pharcontext, "compress", sizeof("compress")-1)) != NULL
|
||||
&& Z_TYPE_P(pzoption) == IS_LONG
|
||||
&& (Z_LVAL_P(pzoption) & ~PHAR_ENT_COMPRESSION_MASK) == 0
|
||||
) {
|
||||
idata->internal_file->flags &= ~PHAR_ENT_COMPRESSION_MASK;
|
||||
idata->internal_file->flags |= Z_LVAL_P(pzoption);
|
||||
}
|
||||
if ((pzoption = zend_hash_str_find(pharcontext, "metadata", sizeof("metadata")-1)) != NULL) {
|
||||
if ((pzoption = zend_hash_str_find_ind(pharcontext, "metadata", sizeof("metadata")-1)) != NULL) {
|
||||
phar_metadata_tracker_free(&idata->internal_file->metadata_tracker, idata->internal_file->is_persistent);
|
||||
|
||||
metadata = pzoption;
|
||||
|
||||
21
ext/zlib/tests/filter_broken_object_options.phpt
Normal file
21
ext/zlib/tests/filter_broken_object_options.phpt
Normal file
@@ -0,0 +1,21 @@
|
||||
--TEST--
|
||||
zlib filter assertion failure with non-dynamic properties in filter param object
|
||||
--EXTENSIONS--
|
||||
zlib
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
class Params {
|
||||
public int $memory = 6;
|
||||
public int $window = 15;
|
||||
public int $level = 6;
|
||||
}
|
||||
|
||||
$fp = fopen('php://stdout', 'w');
|
||||
stream_filter_append($fp, 'zlib.deflate', STREAM_FILTER_WRITE, new Params);
|
||||
stream_filter_append($fp, 'zlib.inflate', STREAM_FILTER_WRITE, new Params);
|
||||
fwrite($fp, "Hello world, hopefully not broken\n");
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
Hello world, hopefully not broken
|
||||
@@ -323,7 +323,7 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f
|
||||
zval *tmpzval;
|
||||
|
||||
if ((Z_TYPE_P(filterparams) == IS_ARRAY || Z_TYPE_P(filterparams) == IS_OBJECT) &&
|
||||
(tmpzval = zend_hash_str_find(HASH_OF(filterparams), "window", sizeof("window") - 1))) {
|
||||
(tmpzval = zend_hash_str_find_ind(HASH_OF(filterparams), "window", sizeof("window") - 1))) {
|
||||
/* log-2 base of history window (9 - 15) */
|
||||
zend_long tmp = zval_get_long(tmpzval);
|
||||
if (tmp < -MAX_WBITS || tmp > MAX_WBITS + 32) {
|
||||
@@ -354,8 +354,10 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f
|
||||
|
||||
switch (Z_TYPE_P(filterparams)) {
|
||||
case IS_ARRAY:
|
||||
case IS_OBJECT:
|
||||
if ((tmpzval = zend_hash_str_find(HASH_OF(filterparams), "memory", sizeof("memory") -1))) {
|
||||
case IS_OBJECT: {
|
||||
HashTable *ht = HASH_OF(filterparams);
|
||||
|
||||
if ((tmpzval = zend_hash_str_find_ind(ht, "memory", sizeof("memory") -1))) {
|
||||
/* Memory Level (1 - 9) */
|
||||
tmp = zval_get_long(tmpzval);
|
||||
if (tmp < 1 || tmp > MAX_MEM_LEVEL) {
|
||||
@@ -365,7 +367,7 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f
|
||||
}
|
||||
}
|
||||
|
||||
if ((tmpzval = zend_hash_str_find(HASH_OF(filterparams), "window", sizeof("window") - 1))) {
|
||||
if ((tmpzval = zend_hash_str_find_ind(ht, "window", sizeof("window") - 1))) {
|
||||
/* log-2 base of history window (9 - 15) */
|
||||
tmp = zval_get_long(tmpzval);
|
||||
if (tmp < -MAX_WBITS || tmp > MAX_WBITS + 16) {
|
||||
@@ -375,13 +377,14 @@ static php_stream_filter *php_zlib_filter_create(const char *filtername, zval *f
|
||||
}
|
||||
}
|
||||
|
||||
if ((tmpzval = zend_hash_str_find(HASH_OF(filterparams), "level", sizeof("level") - 1))) {
|
||||
if ((tmpzval = zend_hash_str_find_ind(ht, "level", sizeof("level") - 1))) {
|
||||
tmp = zval_get_long(tmpzval);
|
||||
|
||||
/* Pseudo pass through to catch level validating code */
|
||||
goto factory_setlevel;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case IS_STRING:
|
||||
case IS_DOUBLE:
|
||||
case IS_LONG:
|
||||
|
||||
Reference in New Issue
Block a user