Fix bug #69453 - don't try to cut empty string

smalyshev · smalyshev · commit c27f012b7a44 · 2015-04-29T22:51:43.000-07:00
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
@@ -425,7 +425,7 @@ int phar_parse_tarfile(php_stream* fp, char *fname, int fname_len, char *alias,
 			entry.filename_len = i;
 			entry.filename = pestrndup(hdr->name, i, myphar->is_persistent);
 
-			if (entry.filename[entry.filename_len - 1] == '/') {
+			if (i > 0 && entry.filename[entry.filename_len - 1] == '/') {
 				/* some tar programs store directories with trailing slash */
 				entry.filename[entry.filename_len - 1] = '\0';
 				entry.filename_len--;
diff --git a/ext/phar/tests/bug69453.phpt b/ext/phar/tests/bug69453.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Phar: bug #69453: Memory Corruption in phar_parse_tarfile when entry filename starts with null
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+$fname = dirname(__FILE__) . '/bug69453.tar.phar';
+try {
+$r = new Phar($fname, 0);
+} catch(UnexpectedValueException $e) {
+	echo $e;
+}
+?>
+
+==DONE==
+--EXPECTF--
+exception 'UnexpectedValueException' with message 'phar error: "%s/bug69453.tar.phar" is a corrupted tar file (checksum mismatch of file "")' in %s:%d
+Stack trace:
+#0 %s/bug69453.php(%d): Phar->__construct('%s', 0)
+#1 {main}
+==DONE==
