Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:15498
Return-Path: <sniper@iki.fi>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 95495 invoked by uid 1010); 18 Mar 2005 23:32:25 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 95432 invoked from network); 18 Mar 2005 23:32:24 -0000
Received: from unknown (HELO pb1.pair.com) (127.0.0.1)
  by localhost with SMTP; 18 Mar 2005 23:32:24 -0000
X-Host-Fingerprint: 195.197.172.116 gw02.mail.saunalahti.fi Linux 2.4/2.6
Received: from ([195.197.172.116:60652] helo=gw02.mail.saunalahti.fi)
	by pb1.pair.com (ecelerity HEAD r(5268)) with SMTP
	id BF/E8-00382-7056B324 for <internals@lists.php.net>; Fri, 18 Mar 2005 18:32:23 -0500
Received: from nest.netphobia.fi (YZCLXVIII.dsl.saunalahti.fi [85.76.34.69])
	by gw02.mail.saunalahti.fi (Postfix) with ESMTP id AA40DBA2F2;
	Sat, 19 Mar 2005 01:32:07 +0200 (EET)
Received: from nest.netphobia.fi (nest.netphobia.fi [127.0.0.1])
	by nest.netphobia.fi (8.13.1/8.13.1) with ESMTP id j2INWAFo021087;
	Sat, 19 Mar 2005 01:32:10 +0200
Received: from localhost (jani@localhost)
	by nest.netphobia.fi (8.13.1/8.13.1/Submit) with ESMTP id j2INW94P021084;
	Sat, 19 Mar 2005 01:32:10 +0200
X-Authentication-Warning: nest.netphobia.fi: jani owned process doing -bs
Date: Sat, 19 Mar 2005 01:32:09 +0200 (EET)
Reply-To: Jani Taskinen <sniper@iki.fi>
To: Jozef Hatala <phpint-bkrrym@skrt.org>
Cc: internals@lists.php.net
In-Reply-To: <20050316223422.GB11662@u-hatala.rd.francetelecom.fr>
Message-ID: <Pine.LNX.4.61.0503190130590.12076@arfg.argcubovn.sv>
References: <20050316223422.GB11662@u-hatala.rd.francetelecom.fr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: Re: [PHP-DEV] [PATCH] Fix for php://input returning duplicate data
	in some cases
From: sniper@iki.fi (Jani Taskinen)


     Are there any bug reports about this at bugs.php.net ?
     If not, enter one and put the patch online somewhere were
     we can download it as text file. (and the url to that into
     the bug report)

     Does this problem exist with PHP_4_3 branch?

     --Jani


On Wed, 16 Mar 2005, Jozef Hatala wrote:

> In some cases, the php://input stream returns incorrect data.
> This was discovered as a data corruption when directly parsing
> a POSTed XML with a long text-node.
>
> The problem is between main/streams/streams.c and
> ext/standard/php_fopen_wrapper.c.
>
> The XML parser requests data from the stream in 4000 byte
> chunks.
>
> _php_stream_read requests data from the handler for php://input
> in 8192 byte chunks.  It uses two counters stream->readpos
> and stream->writepos to handle the buffering.  Just before
> returning the next 4000 byte chunk, _php_stream_read advances
> the stream->position.
>
> The handler for php://input in php_stream_input_read
> uses stream->position to address the contents of
> SG(request_info).raw_post_data and serves a 8192 byte chunk
> starting at that position.
>
> The problem shows itself on the third call of _php_stream_read.
> In the first iteration of the while(size>0) loop, it uses the
> 192 bytes left over in the buffer.  In the second iteration it
> needs to refill to buffer, so it calls php_stream_input_read.
> But stream->position has not been advanced by 192 yet, so
> php_stream_input_read ends up returning a buffer starting with
> the same 192 bytes.
>
> The patch consists in simply updating stream->position
> immediately, instead of accumulating didread and only updating
> stream->position at the end.  This way php_stream_input_read
> always sees an accurate value of the stream->position.
>
> Here it is.  It is made against php-5.0.3, but it also applies
> to php5-200503161930.
>
> ==== begin ====
> diff -ru php-5.0.3.orig/main/streams/streams.c php-5.0.3/main/streams/streams.c
> --- php-5.0.3.orig/main/streams/streams.c	2004-11-15 15:44:14.000000000 -0800
> +++ php-5.0.3/main/streams/streams.c	2005-03-16 13:08:02.000000000 -0800
> @@ -560,6 +560,7 @@
> 			size -= toread;
> 			buf += toread;
> 			didread += toread;
> +			stream->position += toread;
> 		}
>
> 		/* ignore eof here; the underlying state might have changed */
> @@ -584,6 +585,7 @@
> 		}
> 		if (toread > 0) {
> 			didread += toread;
> +			stream->position += toread;
> 			buf += toread;
> 			size -= toread;
> 		} else {
> @@ -596,10 +598,6 @@
> 			break;
> 	}
>
> -	if (didread > 0) {
> -		stream->position += didread;
> -	}
> -
> 	return didread;
> }
>
> ==== end ====
>
>

-- 
https://www.paypal.com/xclick/business=sniper@php.net&no_note=1&tax=0&currency_code=EUR