History log of /PHP-8.1/ext/phar/tests/bug77565.zip (Results 1 – 1 of 1)
Revision Date Author Comments
# d1b1c043 05-Jan-2021 Christoph M. Becker

Fix #77565: Incorrect locator detection in ZIP-based phars

We must not assume that the first end of central dir signature in a ZIP
archive actually designates the end of central director

Fix #77565: Incorrect locator detection in ZIP-based phars

We must not assume that the first end of central dir signature in a ZIP
archive actually designates the end of central directory record, since
the data in the archive may contain arbitrary byte patterns. Thus, we
better search from the end of the data, what is also slightly more
efficient.

There is, however, no way to detect the end of central directory
signature by searching from the end of the ZIP archive with absolute
certainty, since the signature could be part of the trailing comment.
To mitigate, we check that the comment length fits to the found
position, but that might still not be the correct position in rare
cases.

Closes GH-6507.

show more ...