PHP :: Bug #34191 :: ob_gzhandler does not enforce trailing NUL

 [2005-08-19 14:38 UTC] mike@php.net

Reproducing script:
<?php
function f()
{
	$data = ob_get_contents();
	while(@ob_end_clean());
	ob_start('ob_gzhandler');
	$step = strlen($data)/2;
	echo substr($data, 0, $step);
	ob_flush();
	echo substr($data, $step);
}
register_shutdown_function('f');
ob_start();
echo '<pre>';
readfile(__FILE__);
?>

 [2005-08-21 18:05 UTC] iliaa@php.net

This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.

 [2005-08-24 12:37 UTC] mike@php.net

Sorry, this bug is not entirely fixed.
Reproducing Script:
Similar to the previous one, but with an additional ob_end_clean()
<?php
function f()
{
	$data = ob_get_contents();
	while(@ob_end_clean());
	ob_start('ob_gzhandler');
	$step = strlen($data)/2;
	echo substr($data, 0, $step);
	ob_flush();
	echo substr($data, $step);
}
register_shutdown_function('f');
while(@ob_end_clean());
ob_start();
echo '<pre>';
readfile(__FILE__);
?>

 [2005-08-24 14:43 UTC] sniper@php.net

==9165== Conditional jump or move depends on uninitialised value(s)
==9165==    at 0x8139541: _zval_dtor_func (zend_variables.c:35)
==9165==    by 0x812EAF1: _zval_dtor (zend_variables.h:35)
==9165==    by 0x812ECA4: _zval_ptr_dtor (zend_execute_API.c:386)
==9165==    by 0x810A41C: php_end_ob_buffer (output.c:309)

 [2005-08-24 18:20 UTC] iliaa@php.net

This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.