offset overflow phar extractTo() #17518

Closed
YuanchengJiang opened this issue Jan 19, 2025 · 0 comments
Description

The following code:

```php
<?php
$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.phar.php';
$phar = new Phar($fname);
$fusion = $phar;
$fusion->extractTo(__DIR__ . "/bug81490", "");
```

Resulted in this output:

```
/home/phpfuzz/WorkSpace/flowfusion/php-src/ext/phar/phar_object.c:4330:20: runtime error: addition of unsigned offset to 0x603000001438 overflowed to 0x603000001437
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/phar/phar_object.c:4330:20
```

PHP Version

nightly

Operating System

No response

@nielsdos nielsdos self-assigned this Jan 19, 2025
nielsdos added a commit to nielsdos/php-src that referenced this issue Jan 19, 2025
`search` can be the empty string, so we need to check the length before
checking the last char.
@nielsdos nielsdos linked a pull request Jan 19, 2025 that will close this issue
nielsdos added a commit that referenced this issue Jan 19, 2025
* PHP-8.3:
  Fix GH-17518: offset overflow phar extractTo()
nielsdos added a commit that referenced this issue Jan 19, 2025
* PHP-8.4:
  Fix GH-17518: offset overflow phar extractTo()
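
The pattern behind the UBSan report and the commit message above, as an added example (not code from php-src; the function names and the matching rule are assumptions made for illustration): reading the last character of a zero-length string computes `search + (size_t)-1`, one byte before the buffer, so the length has to be tested first.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, unchecked form kept for contrast. With
 * search_len == 0 the index wraps to SIZE_MAX and the read lands one
 * byte before the buffer: the "addition of unsigned offset ... overflowed"
 * that UBSan prints (0x...438 -> 0x...437). */
static bool is_dir_search_unchecked(const char *search, size_t search_len)
{
    return search[search_len - 1] == '/';
}

/* Checked form: test the length before looking at the last character. */
static bool is_dir_search(const char *search, size_t search_len)
{
    return search_len > 0 && search[search_len - 1] == '/';
}

/* Hypothetical matcher: an entry is selected when `search` ends in '/'
 * and is a prefix of the entry name, or when it equals the entry name.
 * Treating an empty search as "selects nothing" is an assumption of this
 * example, not a statement about Phar::extractTo(). */
static bool entry_matches(const char *entry, const char *search, size_t search_len)
{
    size_t entry_len = strlen(entry);

    if (search_len == 0)
        return false;
    if (is_dir_search(search, search_len))
        return entry_len >= search_len && memcmp(entry, search, search_len) == 0;
    return entry_len == search_len && memcmp(entry, search, search_len) == 0;
}

int main(void)
{
    /* Constructed sample inputs. The unchecked helper is only called with
     * a non-empty string; calling it with "" is the undefined behaviour. */
    printf("unchecked(\"dir/\")   = %d\n", is_dir_search_unchecked("dir/", 4));
    printf("checked(\"\")         = %d\n", is_dir_search("", 0));
    printf("match dir/a.txt, \"\" = %d\n", entry_matches("dir/a.txt", "", 0));
    printf("match dir/a.txt, dir/ = %d\n", entry_matches("dir/a.txt", "dir/", 4));
    return 0;
}
```

Building with `-fsanitize=undefined` and calling the unchecked helper with an empty string produces the same class of report as the one in the issue.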