1
0
mirror of https://github.com/php/php-src.git synced 2026-04-25 17:08:14 +02:00
Commit Graph

911 Commits

Author SHA1 Message Date
Niels Dossche 2f05830a5f zip: Don't truncate return value of zip_fread() with user sizes
The return type has been zip_int64_t since 2009, so we shouldn't
truncate to an int because the user may have requested a size that won't
fit in an int.

Closes GH-20509.
2025-11-18 20:30:42 +01:00
Niels Dossche 46a15ed439 Fix crash in property existence test in ext/zip
When type == 2, the zval is not initialized, so zval_ptr_dtor() on it
will crash.
Unfortunately couldn't test with property_exists() or Reflection because
they have fast paths that go through the property info, but fortunately
there are paths that don't implement a fast path (e.g. because it
doesn't make sense at that point), like with array_column().
So we use array_column() to trigger the crash.

Closes GH-20496.
2025-11-16 21:28:30 +01:00
David Carlier 55f7303d73 ext/zip: fix memory leak when encryption is passed as userland array option.
Similar issue fixed in GH-19936.

close GH-20363
2025-11-02 21:15:07 +00:00
David Carlier 3ee56f68ed Fix GH-19932: Zip::setEncryptionName()/setEncryptionIndex() memory leak.
On successive usage, the password is copied as much but the older
address is never freed. Thus, we are hinting a password reset to address
it.

close GH-19936
2025-09-29 22:10:17 +01:00
Niels Dossche 901f71e6e3 Fix GH-19688: Remove pattern overflow in zip addGlob()
memcmp() can overread the filename if the filename is shorter than the
pattern.

Closes GH-19689.
2025-09-10 23:47:52 +02:00
Niels Dossche 216e87ad7e Fix memory leak in zip when encountering empty glob result
The case of returning 0 is inconsistent in when it returns an empty
array, furthermore the caller already returns an empty array.
Because the caller overwrites the return value in these cases, it can
cause a memory leak.

This is easier to trigger on master in some cases as different code paths
are taken with the new bundled glob. On some platforms it is also
triggerable on 8.3.

Closes GH-19715.
2025-09-05 18:56:27 +02:00
Niels Dossche 09c223de00 Fix leak when path is too long in ZipArchive::extractTo()
I did not find an easy way to trigger this branch without also
triggering some other error conditions earlier.

Closes GH-19002.
2025-07-02 18:43:25 +02:00
Niels Dossche 2eb3100dca Fix GH-18438: Handling of empty data and errors in ZipArchive::addPattern
There is a ZPP arginfo violation because the empty return or error
return is not always properly handled.
And there is also a memory leak if creating the regular expression
instance fails.

Closes GH-18438.
2025-04-27 11:30:57 +02:00
Niels Dossche b066ac0b23 Fix GH-18431: Registering ZIP progress callback twice doesn't work
Libzip already cleans up the previous callback, so when that means:
1. The callback zval being already copied over the previous one causes
   libzip to clean up the new callback object. This is the root cause.
2. Our own code to clean the old callback is redundant.

Closes GH-18432.
2025-04-26 14:21:03 +02:00
Niels Dossche 91c6c727d5 Fix memory leak when handling a too long path in ZipArchive::addGlob()
Closes GH-18330.
2025-04-16 10:45:35 +02:00
Niels Dossche 0a6326c6ac Fix uouv when handling empty options in ZipArchive::addGlob()
Reported by OpenAI AARDVARK.

php_zip_parse_option is only called when options are passed to the function.
Prior to this patch, php_zip_parse_option was responsible for zeroing the
opts variable. So in the case when php_zip_parse_option is not called,
opts remains uninitialized yet it is being used anyway.
By just always zeroing opts at declaration time, we avoid this issue
and we are unlikely to reintroduce this in the future.

Closes GH-18329.
2025-04-16 10:44:59 +02:00
Niels Dossche ba0853888d Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
For dynamic fetches the cache_slot will be NULL, so we have to check for
that when resetting the cache. For zip and xmlreader this couldn't
easily be tested because of a lack of writable properties.

Closes GH-18307.
2025-04-11 23:33:58 +02:00
Niels Dossche ce8ab5f16a Fix GH-17736: Assertion failure zend_reference_destroy()
The cache slot for FETCH_OBJ_W in function `test` is primed with the
class for C. The next call uses a simplexml instance and reuses the same
cache slot. simplexml's get_property_ptr handler does not use the cache
slot, so the old values remain in the cache slot. When
`zend_handle_fetch_obj_flags` is called this is not guarded by a check
for the class entry. So we end up using the prop_info from the property
C::$a instead of the simplexml property.

This patch adds a reset to the cache slots in the property address fetch
code and also in the extensions with a non-standard reference handler.
This keeps the run time cache consistent and avoids the issue without
complicating the fast paths.

Closes GH-17739.
2025-03-02 22:33:32 +01:00
Niels Dossche d08a9e0010 Fix GH-17139: Fix zip_entry_name() crash on invalid entry
Don't increment the refcount, but latter remember the ID to check
afterwards whether the resource still exists.

Replaces GH-17142.
Closes GH-17439.
2025-01-12 20:37:51 +01:00
Peter Kokot 8d5fc8d23f Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Use EXTENSIONS instead of SKIPIF sections in *.phpt
2024-01-31 11:20:44 +01:00
Peter Kokot 218a93b898 Use EXTENSIONS instead of SKIPIF sections in *.phpt
This also fixes skipped tests due to different naming "zend-test"
instead of "zend_test" and "PDO" instead of "pdo":

- ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt
- ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt
- ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt
- ext/zend_test/tests/observer_sqlite_create_function.phpt

EXTENSIONS section is used for the Windows build to load the non-static
extensions.

Closes GH-13276
2024-01-31 11:18:21 +01:00
Remi Collet 6eecb3e7f5 zip: use index to avoid search by name 2023-11-27 08:33:57 +01:00
Remi Collet 3d5723e232 zip extension is 1.22.3 2023-11-14 15:58:18 +01:00
Remi Collet 14f10ec761 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  NEWS
  NEWS
  fix GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior)
2023-11-14 14:57:14 +01:00
Remi Collet ddb887ffc8 Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  NEWS
  fix GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior)
2023-11-14 14:56:29 +01:00
Remi Collet 6625226074 fix GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior) 2023-11-14 14:54:20 +01:00
Remi Collet 57123ee489 zip: add new test for dynamic files 2023-09-12 11:18:18 +02:00
Remi Collet 94e26dc895 [ci skip] bump zip version 2023-08-23 18:01:20 +02:00
Peter Kokot c180e9b48a Remove unused call to Makefile.frag in ext/zip
The Makefile.frag has been removed in ext/zip.
2023-08-19 17:41:05 +02:00
Remi Collet ae3646db48 use typed constants in 8.3 2023-07-28 15:56:42 +02:00
Remi Collet 0893b4bed5 add ZipArchive::LENGTH_TO_END and ZipArchive::LENGTH_UNCHECKED constants 2023-07-28 15:56:31 +02:00
Ilija Tovilo 7b355e8d34 Revert "Merge branch 'PHP-8.2'"
This reverts commit 45a3f178dc, reversing
changes made to b2a54bc6af.
2023-07-04 09:18:49 +02:00
Máté Kocsis 45a3f178dc Merge branch 'PHP-8.2'
* PHP-8.2:
  Fix GH-9967 Add support for generating custom function, class const, and property attributes in stubs

Closes GH-10170
2023-07-03 11:17:08 +02:00
Remi Collet b406f7c67a zip extension version 1.22.1
- add ZipArchive::FL_OPEN_FILE_NOW to open the file when added
  instead of waiting for archive to be closed
2023-06-29 15:21:15 +02:00
Ilija Tovilo 73cf12d6ac Fix ext/zip arginfo.h 2023-06-28 19:10:00 +02:00
Remi Collet d8dd72fc31 The ZipArchive::FL_RECOMPRESS constant is deprecated 2023-06-28 14:28:09 +02:00
Remi Collet 1358b435c6 more tests for zip with libzip 1.10 2023-06-27 10:52:33 +02:00
Remi Collet b5638a1202 zip extension version 1.22.0 for libzip 1.10.0
- add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED)
- add new archive global flags (ER_AFL_*)
- add ZipArchive::setArchiveFlag and ZipArchive::getArchiveFlag methods

New methods are available since libzip 0.11,
but really usable with new global flags
2023-06-26 16:39:22 +02:00
Remi Collet 4a9fe2a214 Merge branch 'PHP-8.2'
* PHP-8.2:
  adapt test expectation with libzip 1.10
2023-06-26 09:10:56 +02:00
Remi Collet b972af9589 adapt test expectation with libzip 1.10 2023-06-26 09:10:40 +02:00
Ilija Tovilo 626331fd5a Merge branch 'PHP-8.2'
* PHP-8.2:
  [skip ci] Fix tmp file clash in ext/zip/tests/oo_cancel.phpt
2023-05-01 15:29:51 +02:00
Ilija Tovilo 574d780a2f Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  [skip ci] Fix tmp file clash in ext/zip/tests/oo_cancel.phpt
2023-05-01 15:29:45 +02:00
Ilija Tovilo 8fc023cbae [skip ci] Fix tmp file clash in ext/zip/tests/oo_cancel.phpt 2023-05-01 15:28:59 +02:00
Máté Kocsis 7936c8085e Fix GH-8329 Print true/false instead of bool in error and debug messages (#8385) 2023-01-23 10:52:14 +01:00
Máté Kocsis 7a9726d651 Merge branch 'PHP-8.2'
- PHP-8.2:
  Customize the link of some constants in the manual
2023-01-19 09:06:39 +01:00
Máté Kocsis 148ac364e9 Customize the link of some constants in the manual
These changes are necessary because the links which are generated by default are already taken.
2023-01-19 09:05:32 +01:00
Máté Kocsis c153ec877f Merge branch 'PHP-8.2'
* PHP-8.2:
  Improve string class constant code generation
2022-09-26 23:13:31 +02:00
Máté Kocsis e4f2376919 Improve string class constant code generation (#9577)
Using strlen() will make sure that non-constant values can also be used.
2022-09-26 23:12:34 +02:00
Remi Collet 59894c7bf1 Merge branch 'PHP-8.2'
* PHP-8.2:
  zip version bump to 1.21.1
  remove LIBZIP_VERSION constant def from stub
2022-09-15 16:42:13 +02:00
Remi Collet ef4c20dea9 zip version bump to 1.21.1 2022-09-15 16:41:54 +02:00
Remi Collet 946cdb8ad1 remove LIBZIP_VERSION constant def from stub 2022-09-15 16:41:22 +02:00
Bob Weinand a01dd9feda Revert "Port all internally used classes to use default_object_handlers"
This reverts commit 94ee4f9834.

The commit was a bit too late to be included in PHP 8.2 RC1. Given it's a massive ABI break, we decide to postpone the change to PHP 8.3.
2022-09-14 11:13:23 +02:00
Bob Weinand 94ee4f9834 Port all internally used classes to use default_object_handlers
Signed-off-by: Bob Weinand <bobwei9@hotmail.com>
2022-08-31 16:45:27 +02:00
Máté Kocsis 0c4c9fb93b Declare et/zip constants in stubs (#9146) 2022-08-16 10:18:24 +02:00
Remi Collet 55a88f36b6 add SensitiveParameter as known string and use it in arginfo 2022-07-18 11:43:33 +02:00