diff --git a/NEWS b/NEWS
index 2829db92cfc..436160e8bac 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.4.9
+- Phar:
+ . Add missing filter cleanups on phar failure. (nielsdos)
+
 - SimpleXML:
 . Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning string with UTF-8 bytes). (nielsdos)
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index a4a9b7d2139..4d8710b1b79 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1706,6 +1706,7 @@ static zend_result phar_open_from_fp(php_stream* fp, char *fname, size_t fname_l
 php_stream_filter_append(&temp->writefilters, filter);
 if (SUCCESS != php_stream_copy_to_stream_ex(fp, temp, PHP_STREAM_COPY_ALL, NULL)) {
+ php_stream_filter_remove(filter, 1);
 if (err) {
 php_stream_close(temp);
 MAPPHAR_ALLOC_FAIL("unable to decompress gzipped phar archive \"%s\", ext/zlib is buggy in PHP versions older than 5.2.6")
@@ -1752,6 +1753,7 @@ static zend_result phar_open_from_fp(php_stream* fp, char *fname, size_t fname_l
 php_stream_filter_append(&temp->writefilters, filter);
 if (SUCCESS != php_stream_copy_to_stream_ex(fp, temp, PHP_STREAM_COPY_ALL, NULL)) {
+ php_stream_filter_remove(filter, 1);
 php_stream_close(temp);
 MAPPHAR_ALLOC_FAIL("unable to decompress bzipped phar archive \"%s\" to temporary file")
 }
@@ -2796,6 +2798,7 @@ void phar_flush_ex(phar_archive_data *phar, zend_string *user_stub, bool is_defa
 }
 entry->cfp = shared_cfp;
 if (!entry->cfp) {
+ php_stream_filter_free(filter);
 if (error) {
 spprintf(error, 0, "unable to create temporary file");
 }
@@ -2810,6 +2813,7 @@ void phar_flush_ex(phar_archive_data *phar, zend_string *user_stub, bool is_defa
 entry->header_offset = php_stream_tell(entry->cfp);
 php_stream_flush(file);
 if (-1 == phar_seek_efp(entry, 0, SEEK_SET, 0, 0)) {
+ php_stream_filter_free(filter);
 if (must_close_old_file) {
 php_stream_close(oldfile);
 }
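Review bot: The cleanup added in phar_flush_ex (hunks at -2796 and -2810) calls `php_stream_filter_free(filter)`, while the copy-failure paths in phar_open_from_fp and in the later hunks call `php_stream_filter_remove(filter, 1)`, and nothing in the code says why the two differ. The choice follows whether `php_stream_filter_append` has already run: before it the filter is on no chain and can be freed directly, after it the filter has to be unlinked from the stream's chain before it is destroyed, and picking the wrong call on a future error path would either leak the filter or leave a freed filter linked into a stream. A one-line comment at each site would pin that down, for example `/* filter not attached to a stream yet: free it directly */` and `/* filter is on the stream's write chain: unlink, then free */`. The same applies to the three phar_zip_changed_apply_int hunks in ext/phar/zip.c; both function bodies extend beyond the hunks shown.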
@@ -2821,6 +2825,7 @@ void phar_flush_ex(phar_archive_data *phar, zend_string *user_stub, bool is_defa
 }
 php_stream_filter_append((&entry->cfp->writefilters), filter);
 if (SUCCESS != php_stream_copy_to_stream_ex(file, entry->cfp, entry->uncompressed_filesize, NULL)) {
+ php_stream_filter_remove(filter, 1);
 if (must_close_old_file) {
 php_stream_close(oldfile);
 }
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index ad0e53a80c4..5c7cd08bd63 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -674,6 +674,7 @@ foundit:
 }
 if (!entry.uncompressed_filesize || !actual_alias) {
+ php_stream_filter_remove(filter, 1);
 pefree(entry.filename, entry.is_persistent);
 PHAR_ZIP_FAIL("unable to read in alias, truncated");
 }
@@ -706,6 +707,7 @@ foundit:
 }
 if (!entry.uncompressed_filesize || !actual_alias) {
+ php_stream_filter_remove(filter, 1);
 pefree(entry.filename, entry.is_persistent);
 PHAR_ZIP_FAIL("unable to read in alias, truncated");
 }
@@ -999,6 +1001,7 @@ static int phar_zip_changed_apply_int(phar_entry_info *entry, void *arg) /* {{{
 entry->cfp = php_stream_fopen_tmpfile();
 if (!entry->cfp) {
+ php_stream_filter_free(filter);
 spprintf(p->error, 0, "unable to create temporary file for file \"%s\" while creating zip-based phar \"%s\"", entry->filename, entry->phar->fname);
 return ZEND_HASH_APPLY_STOP;
 }
@@ -1006,6 +1009,7 @@ static int phar_zip_changed_apply_int(phar_entry_info *entry, void *arg) /* {{{
 php_stream_flush(efp);
 if (-1 == phar_seek_efp(entry, 0, SEEK_SET, 0, 0)) {
+ php_stream_filter_free(filter);
 spprintf(p->error, 0, "unable to seek to start of file \"%s\" to zip-based phar \"%s\"", entry->filename, entry->phar->fname);
 return ZEND_HASH_APPLY_STOP;
 }
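Review bot: In both `foundit:` hunks of ext/phar/zip.c (-674 and -706) the failure test is `!entry.uncompressed_filesize || !actual_alias`, so the branch is also taken when `actual_alias` is non-NULL but the size is zero, and in that case the new cleanup releases the filter and `entry.filename` but not `actual_alias`. Whether that combination can occur depends on how `actual_alias` is filled in just above the hunks, which is not visible here, so this needs checking against the full function. If it can, the buffer should be released on this path, with the deallocator that matches its allocation, before `PHAR_ZIP_FAIL`. A regression test with a truncated and with an empty compressed alias entry would exercise both cases.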
@@ -1013,6 +1017,7 @@ static int phar_zip_changed_apply_int(phar_entry_info *entry, void *arg) /* {{{
 php_stream_filter_append((&entry->cfp->writefilters), filter);
 if (SUCCESS != php_stream_copy_to_stream_ex(efp, entry->cfp, entry->uncompressed_filesize, NULL)) {
+ php_stream_filter_remove(filter, 1);
 spprintf(p->error, 0, "unable to copy compressed file contents of file \"%s\" while creating new phar \"%s\"", entry->filename, entry->phar->fname);
 return ZEND_HASH_APPLY_STOP;
 }
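Review bot: On the copy-failure path in phar_zip_changed_apply_int the filter is now released, but `entry->cfp` still refers to the temporary stream opened in the -999 hunk, which at this point may hold a partial compressed copy. The hunk returns `ZEND_HASH_APPLY_STOP` without closing or resetting it; presumably the entry's destructor closes it later, but that is outside the lines shown. If so, a short comment such as `/* entry->cfp is closed when the entry is destroyed */` would make the ownership explicit, and otherwise the stream needs closing here as well. The same question applies to the seek-failure return in the -1006 hunk.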