Newsgroups: php.internals
To: PHP Internals List
Date: Wed, 9 Jul 2008 15:58:47 +0200
Message-ID: <200807091558.47262.arnaud.lb@gmail.com>
Subject: [PATH] bug#42663: gzinflate() try to allocate all memory
From: arnaud.lb@gmail.com ("Arnaud Le Blanc")

Hi,

I made a patch [1] for a bug I reported some time ago [2].

gzinflate() passes the Z_FINISH flag to inflate(). This flag may be used when the length of the decoded data is known, so that the data is decoded in one pass. When gzinflate() does not know the decoded length, it grows the buffer and tries again while inflate() returns Z_BUF_ERROR. The problem is that Z_FINISH causes inflate() to also return Z_BUF_ERROR when the encoded data is truncated or corrupted, which may cause an infinite loop.

The patch removes the use of the Z_FINISH flag so that inflate() returns usable error codes. This also allows the decoding to continue where inflate() stopped when the buffer was not large enough for the decoded data.

I made two test cases [3], one I made when I reported the bug, and the other to test the case where the $length argument is too small, so that the function is almost entirely covered.

[1] http://arnaud.lb.s3.amazonaws.com/gzinflate-bug42663.patch
[2] http://bugs.php.net/bug.php?id=42663
[3] http://arnaud.lb.s3.amazonaws.com/gzinflate-phpt.tar.bz2

Regards,

Arnaud
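The decoding strategy the message describes (resume where the decoder stopped, and keep "output buffer full", "stream complete" and "input truncated or corrupted" as separate outcomes) is sketched below as an added example. It uses Python's zlib binding; it is not the linked patch or PHP's C code. The names inflate_raw, deflate_raw, TruncatedStream, chunk and max_output and the sample payload are assumptions made for the illustration.

```python
import zlib

class TruncatedStream(Exception):
    """Input ran out before the final deflate block was decoded."""

def deflate_raw(data):
    """Build a raw deflate stream (the format gzinflate() reads)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def inflate_raw(data, chunk=4096, max_output=1 << 20):
    """Inflate raw deflate data step by step instead of in one pass.

    chunk and max_output are hypothetical parameters for this example.
    """
    d = zlib.decompressobj(-15)
    out = bytearray()
    pending = data
    while True:
        # At most `chunk` bytes come back; unread input is kept in
        # unconsumed_tail, so the next call resumes where this one stopped.
        piece = d.decompress(pending, chunk)
        out += piece
        if len(out) > max_output:
            raise ValueError("decoded data exceeds max_output")
        if d.eof:                      # final block decoded: success
            return bytes(out)
        pending = d.unconsumed_tail
        if not pending and not piece:  # no input left, no progress: truncated
            raise TruncatedStream("%d bytes decoded before input ended" % len(out))

# Constructed sample input, not data from the bug report.
SAMPLE = b"constructed sample payload\n" * 2000

if __name__ == "__main__":
    raw = deflate_raw(SAMPLE)
    print(len(inflate_raw(raw)))
    # Truncated stream, then a single byte with a reserved block type.
    for bad in (raw[: len(raw) // 2], b"\x07"):
        try:
            inflate_raw(bad)
        except (TruncatedStream, zlib.error) as exc:
            print(type(exc).__name__, exc)
```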