Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3: Fix GH-17139: Fix zip_entry_name() crash on invalid entry
php · Jan 12, 2025 · fd0cabb · fd0cabb
2 parents 27fbdc1 + d08a9e0
commit fd0cabb
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 1 deletion.
diff --git a/NEWS b/NEWS
@@ -55,6 +55,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-15833 (Segmentation fault (access null pointer) in
     ext/spl/spl_array.c). (nielsdos)
 
+- Zip:
+  . Fixed bug GH-17139 (Fix zip_entry_name() crash on invalid entry).
+    (nielsdos)
+
 02 Jan 2025, PHP 8.4.3
 
 - BcMath:

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
@@ -1261,6 +1261,7 @@ PHP_FUNCTION(zip_read)
 			RETURN_FALSE;
 		}
 
+		zr_rsrc->zip_rsrc_handle = Z_RES_P(zip_dp)->handle;
 		zr_rsrc->zf = zip_fopen_index(rsrc_int->za, rsrc_int->index_current, 0);
 		if (zr_rsrc->zf) {
 			rsrc_int->index_current++;
@@ -1377,7 +1378,7 @@ static void php_zip_entry_get_info(INTERNAL_FUNCTION_PARAMETERS, int opt) /* {{{
 		RETURN_THROWS();
 	}
 
-	if (!zr_rsrc->zf) {
+	if (!zr_rsrc->zf || !zend_hash_index_exists(&EG(regular_list), zr_rsrc->zip_rsrc_handle)) {
 		RETURN_FALSE;
 	}
 

diff --git a/ext/zip/php_zip.h b/ext/zip/php_zip.h
@@ -60,6 +60,9 @@ typedef zip_rsrc * zip_rsrc_ptr;
 typedef struct _ze_zip_read_rsrc {
 	struct zip_file *zf;
 	struct zip_stat sb;
+	/* Used to check if the zip resource still exists,
+	 * without holding a reference. This works because the IDs are unique. */
+	zend_long zip_rsrc_handle;
 } zip_read_rsrc;
 
 /* Extends zend object */

diff --git a/ext/zip/tests/gh17319.phpt b/ext/zip/tests/gh17319.phpt
@@ -0,0 +1,19 @@
+--TEST--
+GH-17139 - zip_entry_name() crash
+--EXTENSIONS--
+zip
+--FILE--
+<?php
+$zip = zip_open(__DIR__."/test_procedural.zip");
+if (!is_resource($zip)) die("Failure");
+// no need to bother looping over, the entry name should point to a dangling address from the first iteration
+$zip = zip_read($zip);
+var_dump(zip_entry_name($zip));
+?>
+--EXPECTF--
+Deprecated: Function zip_open() is deprecated since 8.0, use ZipArchive::open() instead in %s on line %d
+
+Deprecated: Function zip_read() is deprecated since 8.0, use ZipArchive::statIndex() instead in %s on line %d
+
+Deprecated: Function zip_entry_name() is deprecated since 8.0, use ZipArchive::statIndex() instead in %s on line %d
+bool(false)