PHP :: Bug #49072 :: feof never returns true for damaged file in zip

Bug #49072	feof never returns true for damaged file in zip
Submitted:	2009-07-27 11:47 UTC	Modified:	2011-02-07 16:21 UTC
From:	TorokAlpar at Gmail dot com	Assigned:	cataphract (profile)
Status:	Closed	Package:	Zip Related
PHP Version:	5.3.0	OS:	Windows Xp, Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	TorokAlpar at Gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2009-07-27 11:47 UTC] TorokAlpar at Gmail dot com

Description:
------------
Opening a damaged zip archive (7z reports CRC failed for the faulty file), feof never return true, the script blocks, causing high CPU usage. 

Please contact me to get a zip that produces this problem. I don't see how can i attach it here

Reproduce code:
---------------
$o = new ZipArchive();
if (! $o->open('test.zip',ZipArchive::CHECKCONS)) {
	exit ('error can\'t open');
}
$o->getStream('file2'); // this file is ok
echo "OK";
$r = $o->getStream('file1'); // this file has a wrong crc
while (! feof($r)) {
	fread($r,1024);
}
echo "never here\n";


Expected result:
----------------
The script either reads the file ignoring the crc error, or reports the error, but finishes.  

Actual result:
--------------
the script  never ends, and uses up the CPU

Patches

zip_stream_errors_reported.patch (last revision 2011-02-01 12:20 UTC by [email protected])

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-07-27 12:39 UTC] [email protected]

Please send me the archive you used to reproduce this problem.

[2009-08-11 15:12 UTC] [email protected]

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=287095
Log: - fixed bug #49072, feof never returns true for damaged file in zip

[2009-08-11 17:11 UTC] [email protected]

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=287102
Log: - merge fix for php bug #49072

[2009-08-12 08:36 UTC] [email protected]

Fixed in the pecl release 1.10.2 and patch applied to all branches (will be in php 5.2.11 and 5.3.1).

[2011-02-01 13:19 UTC] [email protected]

-Assigned To: +Assigned To: rquadling

[2011-02-01 13:19 UTC] [email protected]

The test http://svn.php.net/viewvc/php/php-src/trunk/ext/zip/tests/bug49072.phpt is currently failing.

From what I can tell, the reason for the failure is that the when processing (http://svn.php.net/viewvc/php/php-src/trunk/ext/zip/zip_stream.c?view=annotate#l31), the return type from zip_fread (line 37) is cast to size_t.

This is, at the most basic, an unsigned type. So, when comparing (n < 0), this will always be false.

And so any errors recording during the zip_fread() call will fail to be passed on.

Removing the casting and having n as type int, allows the test to pass and the appropriate error is generated.

Patch attached.

[2011-02-01 13:20 UTC] [email protected]

The following patch has been added/updated:

Patch Name: zip_stream_errors_reported.patch
Revision:   1296562807
URL:        http://bugs.php.net/patch-display.php?bug=49072&patch=zip_stream_errors_reported.patch&revision=1296562807

[2011-02-01 13:22 UTC] [email protected]

-Status: Closed +Status: Re-Opened -Assigned To: rquadling +Assigned To:

[2011-02-01 13:22 UTC] [email protected]

Unassigned from me as I don't have karma.

[2011-02-01 14:59 UTC] [email protected]

-Assigned To: +Assigned To: cataphract

[2011-02-01 15:43 UTC] [email protected]

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=307916
Log: - Fixed bug #49072 (feof never returns true for damaged file in zip).

[2011-02-01 15:44 UTC] [email protected]

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=307917
Log: - Fixed bug #49072 (feof never returns true for damaged file in zip).

[2011-02-01 15:44 UTC] [email protected]

-Status: Re-Opened +Status: Closed

[2011-02-07 16:12 UTC] [email protected]

-Status: Closed +Status: Assigned

[2011-02-07 16:12 UTC] [email protected]

Test fails here:

001+ 
001- Warning: fread(): Zip stream error: CRC error in %s on line %d

[2011-02-07 16:13 UTC] [email protected]

Test for this bug fail here (5.3/trunk):

001+ 
001- Warning: fread(): Zip stream error: CRC error in %s on line %d

[2011-02-07 16:21 UTC] [email protected]

-Status: Assigned +Status: Closed

[2011-02-07 16:21 UTC] [email protected]

Wrong build, test passes just fine

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jun 28 05:01:36 2025 UTC