Merge branch 'PHP-7.4' into PHP-8.0

cmb69 · cmb69 · commit c2fbab392c5b · 2020-12-15T11:46:28.000+01:00
* PHP-7.4:
  Fix #77322: PharData::addEmptyDir('/') Possible integer overflow
diff --git a/NEWS b/NEWS
@@ -70,7 +70,9 @@ PHP                                                                        NEWS
 
 - Phar:
   . Fixed bug #73809 (Phar Zip parse crash - mmap fail). (cmb)
-  . Fixed #75102 (`PharData` says invalid checksum for valid tar). (cmb)
+  . Fixed bug #75102 (`PharData` says invalid checksum for valid tar). (cmb)
+  . Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
+    (cmb)
 
 - Phpdbg:
   . Fixed bug #76813 (Access violation near NULL on source operand). (cmb)
diff --git a/ext/phar/tests/bug77322.phpt b/ext/phar/tests/bug77322.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #77322 (PharData::addEmptyDir('/') Possible integer overflow)
+--SKIPIF--
+<?php
+if (!extension_loaded('phar')) die('skip phar extension not available');
+?>
+--FILE--
+<?php
+$zip = new PharData(__DIR__ . '/bug77322.zip');
+$zip->addEmptyDir('/');
+var_dump($zip->count());
+
+$tar = new PharData(__DIR__ . '/bug77322.tar');
+$tar->addEmptyDir('/');
+var_dump($tar->count());
+?>
+--EXPECT--
+int(1)
+int(1)
+--CLEAN--
+<?php
+unlink(__DIR__ . '/bug77322.zip');
+unlink(__DIR__ . '/bug77322.tar');
+?>
diff --git a/ext/phar/util.c b/ext/phar/util.c
@@ -567,7 +567,7 @@ phar_entry_data *phar_get_or_create_entry_data(char *fname, size_t fname_len, ch
 	} else {
 		etemp.flags = etemp.old_flags = PHAR_ENT_PERM_DEF_FILE;
 	}
-	if (is_dir) {
+	if (is_dir && path_len) {
 		etemp.filename_len--; /* strip trailing / */
 		path_len--;
 	}

Original file line number	Diff line number	Diff line change
`@@ -567,7 +567,7 @@ phar_entry_data phar_get_or_create_entry_data(char fname, size_t fname_len, ch`
`567`	`567`	`} else {`
`568`	`568`	`etemp.flags = etemp.old_flags = PHAR_ENT_PERM_DEF_FILE;`
`569`	`569`	`}`
`570`		`- if (is_dir) {`
	`570`	`+ if (is_dir && path_len) {`
`571`	`571`	`etemp.filename_len--; /* strip trailing / */`
`572`	`572`	`path_len--;`
`573`	`573`	`}`