Skip to content

Fix phar crash and file corruption with SplFileObject #19038

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix phar crash and file corruption with SplFileObject #19038

wants to merge 1 commit into from

Conversation

nielsdos
Copy link
Member

@nielsdos nielsdos commented Jul 5, 2025

There are two bugfixes here.
The first was a crash that I discovered while working on GH-19035. The check for when a file pointer was still occupied was wrong, leading to a UAF. Strangely, zip got this right.

The second issue was that even after fixing the first one, the file contents were garbage. This is because the file write offset for the phar stream was wrong.

@nielsdos
Fix phar crash and file corruption with SplFileObject
f47bf64 
There are two bugfixes here.
The first was a crash that I discovered while working on phpGH-19035.
The check for when a file pointer was still occupied was wrong, leading
to a UAF. Strangely, zip got this right.

The second issue was that even after fixing the first one, the file
contents were garbage. This is because the file write offset for the
phar stream was wrong.
@nielsdos nielsdos closed this in 405be1c Jul 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Girgias Girgias Girgias approved these changes

Assignees
No one assigned
Labels
Extension: phar
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nielsdos @Girgias