The current code causes the phar entry to remain in the fname cache.
This would be fine for uncompressed phars, but is a problem for
compressed phars when they try to reopen the file pointer.
The reopen code will try to use the compressed file pointer as if it
were an uncompressed file pointer. In that case, for the given test, the
file offsets are out of bounds for the compressed file pointer because
they are the uncompressed offsets. This results in empty files.
In other cases, it's possible to read compressed parts of the file that don't
belong to that particular file.
To solve this, we simply remove the phar entry from the fname cache if
the file pointer was closed but the phar is compressed. This will make
sure that reopening the phar will not go through the cache and instead
opens up a fresh file pointer with the right decompression settings.
Closes GH-20754.
This stopped working after e735d2bc3b because fp_refcount is increased,
making phar think that the file has open read pointers.
To fix this, the refcount shouldn't be increased but that would
re-introduce the previous bug.
Instead, we need to add a field that "locks" the existence of the
internal entry separate from the refcount.
Closes GH-20473.
The size of `got` was incorrect: it being unsigned means that the error
return codes are converted from -1 to SIZE_MAX. We should use ssize_t
instead.
Closes GH-20735.
* PHP-8.5:
Fix GH-20435: SensitiveParameter doesn't work for named argument passing to variadic parameter
Fix GH-20442: Phar does not respect case-insensitiveness of __halt_compiler() when reading stub
* PHP-8.4:
Fix GH-20435: SensitiveParameter doesn't work for named argument passing to variadic parameter
Fix GH-20442: Phar does not respect case-insensitiveness of __halt_compiler() when reading stub
* PHP-8.3:
Fix GH-20435: SensitiveParameter doesn't work for named argument passing to variadic parameter
Fix GH-20442: Phar does not respect case-insensitiveness of __halt_compiler() when reading stub
Functions are case insensitive. The flush code already takes this into
account by checking for the __halt_compiler() symbol in a case
insensitive manner; however the parsing code did not do that yet.
Closes GH-20445.
* tree-wide: Replace `CHECK_NULL_PATH()` by `zend_char_has_nul_byte()`
The former is a direct alias of the latter with a more explicit name and the
former is explicitly documented as a “compatibility” alias.
* tree-wide: Replace `CHECK_ZVAL_NULL_PATH()` by its definition
The former is explicitly documented as a “compatibility” alias.
* zend_API: Remove `CHECK*NULL_PATH`
The `CHECK_ZVAL_NULL_PATH()` macro is unsafe, because it implicitly assumes
that the given `zval*` is `IS_STRING`.
Based on a GitHub search there does not seem to be any user outside of PHP, all
hits were just forks / copies of php-src.
phar_metadata_tracker_unserialize_or_copy() is only ever preceded by
phar_metadata_tracker_has_data() which won't throw.
This check is quite hacky and it should always be the responsibility of
the caller to avoid calling this, even the comment acknowledges this is
a hack.
