
List:       php-cvs
Subject:    [PHP-CVS] [php-src] PHP-8.0: Merge branch 'PHP-7.4' into PHP-8.0
From:       "Christoph M. Becker" <noreply () php ! net>
Date:       2021-09-30 13:46:06
Message-ID: 1b817IHVVUHpDt1kWKjotV5s2lcOiJdlNEXyZv8Xu8 () main ! php ! net

Author: Christoph M. Becker (cmb69)
Date: 2021-09-30T15:42:40+02:00

Commit: https://github.com/php/php-src/commit/5db6e358436f9e8cda82b3154558e22d53eba963
Raw diff: https://github.com/php/php-src/commit/5db6e358436f9e8cda82b3154558e22d53eba963.diff

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
  Fix #81490: ZipArchive::extractTo() may leak memory

Changed paths:
  A  ext/zip/tests/bug81490.phpt
  M  NEWS
  M  ext/zip/php_zip.c


Diff:

diff --git a/NEWS b/NEWS
index 3ac724f6e648..1de7bd7bdb0a 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,9 @@ PHP                                                                        NEWS
   . Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
     (Aliaksandr Bystry, cmb)
 
+- Zip:
+  . Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
+
 23 Sep 2021, PHP 8.0.11
 
 - Core:
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 9f798d8afaa4..370371129aa1 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -149,11 +149,13 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, size_t
 	virtual_file_ex(&new_state, file, NULL, CWD_EXPAND);
 	path_cleaned =  php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
 	if(!path_cleaned) {
+		CWD_STATE_FREE(new_state.cwd);
 		return 0;
 	}
 	path_cleaned_len = strlen(path_cleaned);
 
 	if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
+		CWD_STATE_FREE(new_state.cwd);
 		return 0;
 	}
 
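Review bot: The return value of `virtual_file_ex()` on the first context line of this hunk is still ignored, so a failed path normalisation is only caught indirectly by the `!path_cleaned` check that now carries the added free. Since `file` names an archive entry (it is passed to `zip_stat()` just below) and this normalisation is what keeps the extracted path relative, an explicit check would make the failure handling deliberate: `if (virtual_file_ex(&new_state, file, NULL, CWD_EXPAND) != 0) { CWD_STATE_FREE(new_state.cwd); return 0; }`. Whether `new_state.cwd` is left in a freeable state when the call fails cannot be seen from here and should be confirmed before adopting this. The function begins and ends outside the hunk.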
@@ -188,8 +190,8 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, size_t
 			efree(file_dirname_fullpath);
 			if (!is_dir_only) {
 				zend_string_release_ex(file_basename, 0);
-				CWD_STATE_FREE(new_state.cwd);
 			}
+			CWD_STATE_FREE(new_state.cwd);
 			return 0;
 		}
 	}
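Review bot: Nothing visible near `new_state` records that `new_state.cwd` has to be released on every exit, which is the invariant this hunk restores by moving `CWD_STATE_FREE(new_state.cwd);` out of the `if (!is_dir_only)` branch. A comment where `new_state` is set up, such as `/* new_state.cwd is owned by this function: every return below must CWD_STATE_FREE() it */`, would help the next early return get this right. The function begins and ends outside this hunk, so the remaining return paths cannot be checked from here.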
diff --git a/ext/zip/tests/bug81490.phpt b/ext/zip/tests/bug81490.phpt
new file mode 100644
index 000000000000..7c9a33a427cd
--- /dev/null
+++ b/ext/zip/tests/bug81490.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #81490 (ZipArchive::extractTo() may leak memory)
+--SKIPIF--
+<?php
+if (!extension_loaded("zip")) die("skip zip extension not available");
+?>
+--FILE--
+<?php
+$zip = new ZipArchive();
+$zip->open(__DIR__ . "/bug81490.zip", ZipArchive::CREATE|ZipArchive::OVERWRITE);
+$zip->addFromString("", "yada yada");
+mkdir(__DIR__ . "/bug81490");
+$zip->open(__DIR__ . "/bug81490.zip");
+$zip->extractTo(__DIR__ . "/bug81490", "");
+?>
+--EXPECT--
+--CLEAN--
+<?php
+@unlink(__DIR__ . "/bug81490.zip");
+@rmdir(__DIR__ . "/bug81490");
+?>
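Review bot: The test has an empty `--EXPECT--` section and never checks the results of `open()`, `addFromString()` or `extractTo()`, so it fails only if the run itself reports the leak; presumably that depends on the leak reporting of a debug build, which is worth confirming. Changing the call to `var_dump($zip->extractTo(__DIR__ . "/bug81490", ""));` with the matching expected output would also pin the return value for an empty entry name. The archive is reopened without an explicit `close()`; if the second `open()` relies on an implicit close to write the file, a `$zip->close();` before it would state that intent.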

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
