From 5faa15c4ce9d68a286a9ffe10ecbb897ebe95601 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 18 Jul 2016 23:01:10 -0700 Subject: [PATCH] Partial fix for bug #72613 - do not allow reading past error read --- ext/bz2/bz2.c | 6 +++++- ext/bz2/tests/72613.bz2 | Bin 0 -> 351 bytes ext/bz2/tests/bug72613.phpt | 23 +++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 ext/bz2/tests/72613.bz2 create mode 100644 ext/bz2/tests/bug72613.phpt diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c index 359425437da0..bc6379aeeaf8 100644 --- a/ext/bz2/bz2.c +++ b/ext/bz2/bz2.c @@ -148,7 +148,11 @@ static size_t php_bz2iop_read(php_stream *stream, char *buf, size_t count) just_read = BZ2_bzread(self->bz_file, buf, to_read); if (just_read < 1) { - stream->eof = 0 == just_read; + /* it is not safe to keep reading after an error, see #72613 */ + stream->eof = 1; + if (just_read < 0) { + return -1; + } break; } diff --git a/ext/bz2/tests/72613.bz2 b/ext/bz2/tests/72613.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..0b932f8d912584371d1164b07434e690593332cb GIT binary patch literal 351 zcmZXOu@S;B5CoMG(}DwX4;8?;10quaUA#L}DW(I54!}O{UM~$Z{*mn0>2FW>=d15; zXj{;!M~D|SjBusIafLs6q4Yusd8K!_F_&08U5AHzmP zTNxhjDaM0l<#BI({OA|L)F)-N4scWfR>h%pvbYL5;6ZLbkBD?)P3&e5ScC!J^aCNF BLi+#! literal 0 HcmV?d00001 diff --git a/ext/bz2/tests/bug72613.phpt b/ext/bz2/tests/bug72613.phpt new file mode 100644 index 000000000000..82547e6ae071 --- /dev/null +++ b/ext/bz2/tests/bug72613.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #72613 (Inadequate error handling in bzread()) +--SKIPIF-- + +--FILE-- + +DONE +--EXPECT-- +DONE \ No newline at end of file