Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3: Fix memory leak when handling a too long path in ZipArchive::addGlob() Fix uouv when handling empty options in ZipArchive::addGlob()
2026-03-24 00:02:20 +01:00 · 2025-04-16 10:46:17 +02:00
parent 061b46e09d 91c6c727d5
commit ecd2872cf4
4 changed files with 53 additions and 2 deletions
--- a/5
+++ b/5
@@ -57,6 +57,11 @@ PHP                                                                        NEWS
  . Address deprecated PHP 8.4 session options to prevent test failures.
    (willvar)

+- Zip:
+  . Fix uouv when handling empty options in ZipArchive::addGlob(). (nielsdos)
+  . Fix memory leak when handling a too long path in ZipArchive::addGlob().
+    (nielsdos)
+
 10 Apr 2025, PHP 8.4.6

 - BCMath:
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -353,13 +353,13 @@ typedef struct {
 #endif
 } zip_options;

+/* Expects opts to be zero-initialized. */
 static int php_zip_parse_options(HashTable *options, zip_options *opts)
 /* {{{ */
 {
 	zval *option;

 	/* default values */
-	memset(opts, 0, sizeof(zip_options));
 	opts->flags = ZIP_FL_OVERWRITE;
 	opts->comp_method = -1; /* -1 to not change default */
 #ifdef HAVE_ENCRYPTION
@@ -1738,7 +1738,7 @@ static void php_zip_add_from_pattern(INTERNAL_FUNCTION_PARAMETERS, int type) /*
 	size_t  path_len = 1;
 	zend_long glob_flags = 0;
 	HashTable *options = NULL;
-	zip_options opts;
+	zip_options opts = {0};
 	int found;
 	zend_string *pattern;

@@ -1802,6 +1802,9 @@ static void php_zip_add_from_pattern(INTERNAL_FUNCTION_PARAMETERS, int type) /*

 				if (opts.add_path) {
 					if ((opts.add_path_len + file_stripped_len) > MAXPATHLEN) {
+						if (basename) {
+							zend_string_release_ex(basename, 0);
+						}
 						php_error_docref(NULL, E_WARNING, "Entry name too long (max: %d, %zd given)",
 						MAXPATHLEN - 1, (opts.add_path_len + file_stripped_len));
 						zend_array_destroy(Z_ARR_P(return_value));
--- a/ext/zip/tests/addGlob_empty_options.phpt
+++ b/ext/zip/tests/addGlob_empty_options.phpt
@@ -0,0 +1,22 @@
+--TEST--
+addGlob with empty options
+--EXTENSIONS--
+zip
+--FILE--
+<?php
+
+touch($file = __DIR__ . '/addglob_empty_options.zip');
+
+$zip = new ZipArchive();
+$zip->open($file, ZipArchive::CREATE | ZipArchive::OVERWRITE);
+$zip->addGlob(__FILE__, 0, []);
+var_dump($zip->statIndex(0)['name'] === __FILE__);
+$zip->close();
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/addglob_empty_options.zip');
+?>
+--EXPECT--
+bool(true)
--- a/ext/zip/tests/addGlob_too_long_add_path_option.phpt
+++ b/ext/zip/tests/addGlob_too_long_add_path_option.phpt
@@ -0,0 +1,21 @@
+--TEST--
+addGlob with too long add_path option
+--EXTENSIONS--
+zip
+--FILE--
+<?php
+
+touch($file = __DIR__ . '/addglob_too_long_add_path.zip');
+
+$zip = new ZipArchive();
+$zip->open($file, ZipArchive::CREATE | ZipArchive::OVERWRITE);
+$zip->addGlob(__FILE__, 0, ['add_path' => str_repeat('A', PHP_MAXPATHLEN - 2)]);
+$zip->close();
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/addglob_too_long_add_path.zip');
+?>
+--EXPECTF--
+Warning: ZipArchive::addGlob(): Entry name too long (max: %d, %d given) in %s on line %d