Merge branch 'PHP-7.4'

cmb69 · cmb69 · commit c33e5043a855 · 2020-04-22T15:09:14.000+02:00
* PHP-7.4:
  Fix #79503: Memory leak on duplicate metadata
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
@@ -181,9 +181,17 @@ static int phar_tar_process_metadata(phar_entry_info *entry, php_stream *fp) /*
 	}
 
 	if (entry->filename_len == sizeof(".phar/.metadata.bin")-1 && !memcmp(entry->filename, ".phar/.metadata.bin", sizeof(".phar/.metadata.bin")-1)) {
+		if (Z_TYPE(entry->phar->metadata) != IS_UNDEF) {
+			efree(metadata);
+			return FAILURE;
+		}
 		entry->phar->metadata = entry->metadata;
 		ZVAL_UNDEF(&entry->metadata);
 	} else if (entry->filename_len >= sizeof(".phar/.metadata/") + sizeof("/.metadata.bin") - 1 && NULL != (mentry = zend_hash_str_find_ptr(&(entry->phar->manifest), entry->filename + sizeof(".phar/.metadata/") - 1, entry->filename_len - (sizeof("/.metadata.bin") - 1 + sizeof(".phar/.metadata/") - 1)))) {
+		if (Z_TYPE(mentry->metadata) != IS_UNDEF) {
+			efree(metadata);
+			return FAILURE;
+		}
 		/* transfer this metadata to the entry it refers */
 		mentry->metadata = entry->metadata;
 		ZVAL_UNDEF(&entry->metadata);
diff --git a/ext/phar/tests/bug79503.phar b/ext/phar/tests/bug79503.phar
diff --git a/ext/phar/tests/bug79503.phpt b/ext/phar/tests/bug79503.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #79503 (Memory leak on duplicate metadata)
+--SKIPIF--
+<?php
+if (!extension_loaded('phar')) die('skip phar extension not available');
+?>
+--FILE--
+<?php
+try {
+    new Phar(__DIR__ . '/bug79503.phar');
+} catch (UnexpectedValueException $ex) {
+    echo $ex->getMessage();
+}
+?>
+--EXPECTF--
+phar error: tar-based phar "%s%ebug79503.phar" has invalid metadata in magic file ".phar/.metadata.bin"
