
Commit 455893e

committed
Merge branch 'PHP-8.5'
* PHP-8.5: Fix GH-20302: Freeing a phar alias may invalidate PharFileInfo objects
2 parents 425b97e + 1dd866d commit 455893e


2 files changed

+53
-10
lines changed


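--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -4391,6 +4391,9 @@ PHP_METHOD(PharFileInfo, __construct)
 entry_obj->entry = entry_info;
 if (!entry_info->is_persistent && !entry_info->is_temp_dir) {
 ++entry_info->fp_refcount;
+/* The phar data must exist to keep the alias locked. */
+ZEND_ASSERT(!phar_data->is_persistent);
+++phar_data->refcount;
 }
 
 ZVAL_STRINGL(&arg1, fname, fname_len);
@@ -4421,19 +4424,23 @@ PHP_METHOD(PharFileInfo, __destruct)
 
 PHAR_ENTRY_OBJECT_EX(false);
 
-if (entry_obj->entry->is_temp_dir) {
-if (entry_obj->entry->filename) {
-zend_string_efree(entry_obj->entry->filename);
-entry_obj->entry->filename = NULL;
+phar_entry_info *entry = entry_obj->entry;
+
+if (entry->is_temp_dir) {
+if (entry->filename) {
+zend_string_release_ex(entry->filename, false);
+entry->filename = NULL;
 }
 
-efree(entry_obj->entry);
-} else if (!entry_obj->entry->is_persistent) {
---entry_obj->entry->fp_refcount;
-/* It is necessarily still in the manifest, which will ultimately free this. */
+efree(entry);
+entry_obj->entry = NULL;
+} else if (!entry->is_persistent) {
+--entry->fp_refcount;
+/* The entry itself still lives in the manifest,
+* which will either be freed here if the file info was the last reference; or freed later. */
+entry_obj->entry = NULL;
+phar_archive_delref(entry->phar);
 }
-
-entry_obj->entry = NULL;
 }
 /* }}} */
 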
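Review bot: In `PharFileInfo::__construct` the new reference is taken on `phar_data` (`++phar_data->refcount;`), but `__destruct` releases it through `entry->phar` (`phar_archive_delref(entry->phar);`), so the count is only balanced if `entry_info->phar == phar_data`, which these hunks do not show. An unbalanced count here would either leak the archive or bring back the invalidated-PharFileInfo problem named in the commit title, so I would pin the invariant next to the existing assertion with `ZEND_ASSERT(entry_info->phar == phar_data);`, or take the reference as `++entry_info->phar->refcount;`. `ZEND_ASSERT` is, as far as I know, only checked in debug builds, so the `!phar_data->is_persistent` line documents the invariant rather than enforcing it in release builds. Both method bodies start outside the hunks, so the early-return behaviour of `PHAR_ENTRY_OBJECT_EX(false)` on a second explicit `__destruct()` call cannot be confirmed from here.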
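--- a/ext/phar/tests/gh20302.phpt
+++ b/ext/phar/tests/gh20302.phpt
@@ -0,0 +1,36 @@
+--TEST--
+GH-20302 (Freeing a phar alias may invalidate PharFileInfo objects)
+--EXTENSIONS--
+phar
+--INI--
+phar.require_hash=0
+--FILE--
+<?php
+$fname = __DIR__.'/gh20302.phar';
+$pname = 'phar://' . $fname;
+$file = "<?php
+__HALT_COMPILER(); ?>";
+$files = array();
+$files['here'] = 'a';
+include __DIR__.'/files/phar_test.inc';
+$b = new PharFileInfo($pname . '/here');
+
+// Create new phar with same alias and open it
+@mkdir(__DIR__.'/gh20302');
+$fname = __DIR__.'/gh20302/gh20302.phar';
+$pname = 'phar://' . $fname;
+include __DIR__.'/files/phar_test.inc';
+try {
+new Phar($fname);
+} catch (UnexpectedValueException $e) {
+echo $e->getMessage(), "\n";
+}
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__.'/gh20302/gh20302.phar');
+@unlink(__DIR__.'/gh20302.phar');
+@rmdir(__DIR__.'/gh20302');
+?>
+--EXPECTF--
+Cannot open archive "%sgh20302.phar", alias is already in use by existing archive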
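Review bot: The test pins only the case where `$b` is still alive, so the new destructor branch that drops the archive reference (`phar_archive_delref(entry->phar);` in phar_object.c) runs, as far as the test shows, only during shutdown teardown and its effect is never observed. I would add `unset($b);` after the `try`/`catch` and attempt `new Phar($fname)` a second time, recording whatever that yields in `--EXPECTF--`, so the release path is exercised explicitly. A short comment on the `$b = new PharFileInfo(...)` line, for example `// keep $b alive: its archive reference keeps the alias locked`, would also explain why the otherwise unused variable matters.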
