Handle fatal stream filter errors

Author: nikic

ext/bz2/bug71263.phpt

@@ -0,0 +1,55 @@
+--TEST--
+Bug #71263: fread() does not detects decoding errors from filter bzip2.decompress
+--FILE--
+<?php
+
+// This bug is only partially fixed.
+
+function test($case) {
+	$plain = "The quick brown fox jumps over the lazy dog.";
+	$fn = "bug71263.bz2";
+	$compressed = (string) bzcompress($plain);
+	echo "Compressed len = ", strlen($compressed), "\n";
+	
+    if ($case == 1) {
+        // Set a random byte in the middle of the compressed data
+        // --> php_bz2_decompress_filter() detects fatal error
+        // --> fread() displays empty string then garbage, no errors detected:
+        $compressed[strlen($compressed) - 15] = 'X';
+    } else if ($case == 2) {
+        // Truncate the compressed data
+        // --> php_bz2_decompress_filter() does not detect errors,
+        // --> fread() displays the empty string:
+    	$compressed = substr($compressed, 0, strlen($compressed) - 20);
+    } else {
+        // Corrupted final CRC
+        // --> php_bz2_decompress_filter() detects fatal error
+        // --> fread() displays an empty string, then the correct plain text, no error detected:
+    	$compressed[strlen($compressed)-2] = 'X';
+    }
+
+	file_put_contents($fn, $compressed);
+	
+	$r = fopen($fn, "r");
+	stream_filter_append($r, 'bzip2.decompress', STREAM_FILTER_READ);
+	while (!feof($r)) {
+		$s = fread($r, 100);
+		echo "read: "; var_dump($s);
+	}
+	fclose($r);
+	unlink($fn);
+}
+
+test(1);
+test(2);
+test(3);
+?>
+--EXPECT--
+Compressed len = 81
+read: bool(false)
+read: string(43) "bthes ohe rpujumr.bthes ohe rpujumr.bthes o"
+Compressed len = 81
+read: string(0) ""
+Compressed len = 81
+read: bool(false)
+read: string(44) "The quick brown fox jumps over the lazy dog."

main/streams/streams.c

@@ -531,7 +531,6 @@ PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size)
 
 	if (stream->readfilters.head) {
 		char *chunk_buf;
-		int err_flag = 0;
 		php_stream_bucket_brigade brig_in = { NULL, NULL }, brig_out = { NULL, NULL };
 		php_stream_bucket_brigade *brig_inp = &brig_in, *brig_outp = &brig_out, *brig_swap;
 
@@ -542,7 +541,7 @@ PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size)
 		/* allocate a buffer for reading chunks */
 		chunk_buf = emalloc(stream->chunk_size);
 
-		while (!stream->eof && !err_flag && (stream->writepos - stream->readpos < (zend_off_t)size)) {
+		while (!stream->eof && (stream->writepos - stream->readpos < (zend_off_t)size)) {
 			ssize_t justread = 0;
 			int flags;
 			php_stream_bucket *bucket;
@@ -610,18 +609,13 @@ PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size)
 					/* when a filter needs feeding, there is no brig_out to deal with.
 					 * we simply continue the loop; if the caller needs more data,
 					 * we will read again, otherwise out job is done here */
-					if (justread == 0) {
-						/* there is no data */
-						err_flag = 1;
-						break;
-					}
-					continue;
+					break;
 
 				case PSFS_ERR_FATAL:
 					/* some fatal error. Theoretically, the stream is borked, so all
 					 * further reads should fail. */
-					err_flag = 1;
-					break;
+					efree(chunk_buf);
+					return FAILURE;
 			}
 
 			if (justread <= 0) {