Rename and refactor ZipArchive::openBuffer

tstarling · tstarling · commit e3520684cb00 · 2026-02-12T15:18:20.000+11:00
Fixes to #14078: * Rename ZipArchive::openBuffer() to ::openString(). * For consistency with ::open(), return int|bool, don't throw an exception on error. Provide error information via existing properties and accessors. * Fix memory leak when ::openString() is called but ::close() is not called. Add test. * Fix memory leak when a call to ::open() is followed by a call to ::openString(). Add test. * Let libzip own the source, don't call zip_source_keep(). * Share buffer handling with ZipArchive::addFromString(). Elsewhere: * If there is an error from zip_close() during a call to ZipArchive::open(), emit a warning but proceed to open the archive, don't return early. Add test. * When buffers are saved by ZipArchive::addFromString(), release them in ZipArchive::close() and ::open(), don't accumulate buffers until the free_obj handler is called. * Factor out buffer handling and reuse it in ZipArchive::openString()
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
@@ -575,6 +575,76 @@ static char * php_zipobj_get_zip_comment(ze_zip_object *obj, int *len) /* {{{ */
 }
 /* }}} */
 
+/* Add a string to the list of buffers to be released when the object is destroyed.*/
+static void php_zipobj_add_buffer(ze_zip_object *obj, zend_string *str) /* {{{ */
+{
+	int pos = 0;
+	if (obj->buffers_cnt) {
+		obj->buffers = safe_erealloc(obj->buffers, sizeof(*obj->buffers), (obj->buffers_cnt + 1), 0);
+		pos = obj->buffers_cnt++;
+	} else {
+		obj->buffers = emalloc(sizeof(*obj->buffers));
+		obj->buffers_cnt++;
+		pos = 0;
+	}
+	obj->buffers[pos] = zend_string_copy(str);
+}
+/* }}} */
+
+static void php_zipobj_release_buffers(ze_zip_object *obj) /* {{{ */
+{
+	if (obj->buffers_cnt > 0) {
+		for (int i = 0; i < obj->buffers_cnt; i++) {
+			zend_string_release(obj->buffers[i]);
+		}
+		efree(obj->buffers);
+	}
+	obj->buffers_cnt = 0;
+}
+/* }}} */
+
+/* Close and free the zip_t */
+static bool php_zipobj_close(ze_zip_object *obj) /* {{{ */
+{
+	struct zip *intern = obj->za;
+	bool success = false;
+
+	if (intern) {
+		int err = zip_close(intern);
+		if (err) {
+			php_error_docref(NULL, E_WARNING, "%s", zip_strerror(intern));
+			/* Save error for property reader */
+			zip_error_t *ziperr;
+
+			ziperr = zip_get_error(intern);
+			obj->err_zip = zip_error_code_zip(ziperr);
+			obj->err_sys = zip_error_code_system(ziperr);
+			zip_error_fini(ziperr);
+			zip_discard(intern);
+		} else {
+			obj->err_zip = 0;
+			obj->err_sys = 0;
+		}
+		success = !err;
+	}
+
+	// if we have a filename, we need to free it
+	if (obj->filename) {
+		/* clear cache as empty zip are not created but deleted */
+		php_clear_stat_cache(1, obj->filename, obj->filename_len);
+
+		efree(obj->filename);
+		obj->filename = NULL;
+		obj->filename_len = 0;
+	}
+
+	php_zipobj_release_buffers(obj);
+
+	obj->za = NULL;
+	return success;
+}
+/* }}} */
+
 int php_zip_glob(zend_string *spattern, zend_long flags, zval *return_value) /* {{{ */
 {
 	int cwd_skip = 0;
@@ -1021,21 +1091,8 @@ static void php_zip_object_dtor(zend_object *object)
 static void php_zip_object_free_storage(zend_object *object) /* {{{ */
 {
 	ze_zip_object * intern = php_zip_fetch_object(object);
-	int i;
 
-	if (intern->za) {
-		if (zip_close(intern->za) != 0) {
-			php_error_docref(NULL, E_WARNING, "Cannot destroy the zip context: %s", zip_strerror(intern->za));
-			zip_discard(intern->za);
-		}
-	}
-
-	if (intern->buffers_cnt>0) {
-		for (i=0; i<intern->buffers_cnt; i++) {
-			zend_string_release(intern->buffers[i]);
-		}
-		efree(intern->buffers);
-	}
+	php_zipobj_close(intern);
 
 #ifdef HAVE_PROGRESS_CALLBACK
 	/* if not properly called by libzip */
@@ -1047,12 +1104,7 @@ static void php_zip_object_free_storage(zend_object *object) /* {{{ */
 	php_zip_cancel_callback_free(intern);
 #endif
 
-	intern->za = NULL;
 	zend_object_std_dtor(&intern->zo);
-
-	if (intern->filename) {
-		efree(intern->filename);
-	}
 }
 /* }}} */
 
@@ -1448,19 +1500,8 @@ PHP_METHOD(ZipArchive, open)
 		RETURN_FALSE;
 	}
 
-	if (ze_obj->za) {
-		/* we already have an opened zip, free it */
-		if (zip_close(ze_obj->za) != 0) {
-			php_error_docref(NULL, E_WARNING, "Empty string as source");
-			efree(resolved_path);
-			RETURN_FALSE;
-		}
-		ze_obj->za = NULL;
-	}
-	if (ze_obj->filename) {
-		efree(ze_obj->filename);
-		ze_obj->filename = NULL;
-	}
+	// If we already have an opened zip, free it
+	php_zipobj_close(ze_obj);
 
 	/* open for write without option to empty the archive */
 	if ((flags & (ZIP_TRUNCATE | ZIP_RDONLY)) == 0) {
@@ -1488,44 +1529,46 @@ PHP_METHOD(ZipArchive, open)
 }
 /* }}} */
 
-/* {{{ Create new read-only zip using given buffer */
-PHP_METHOD(ZipArchive, openBuffer)
+/* {{{ Create new read-only zip using given string */
+PHP_METHOD(ZipArchive, openString)
 {
 	struct zip *intern;
 	zend_string *buffer;
 	zval *self = ZEND_THIS;
-	ze_zip_object *ze_obj;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &buffer) == FAILURE) {
 		RETURN_THROWS();
 	}
 
+	ze_zip_object *ze_obj = Z_ZIP_P(self);
+
 	zip_error_t err;
 	zip_error_init(&err);
 
 	zip_source_t * zip_source = zip_source_buffer_create(ZSTR_VAL(buffer), ZSTR_LEN(buffer), 0, &err);
 
 	if (!zip_source) {
-		zend_value_error("Cannot open zip: %s", zip_error_strerror(&err));
+		ze_obj->err_zip = zip_error_code_zip(&err);
+		ze_obj->err_sys = zip_error_code_system(&err);
 		zip_error_fini(&err);
-		RETURN_THROWS();
+		RETURN_LONG(ze_obj->err_zip);
 	}
 
-	ze_obj = Z_ZIP_P(self);
+	php_zipobj_close(ze_obj);
 
 	intern = zip_open_from_source(zip_source, ZIP_RDONLY, &err);
 	if (!intern) {
-		zip_source_free(zip_source);
-		zend_value_error("Cannot open zip: %s", zip_error_strerror(&err));
+		ze_obj->err_zip = zip_error_code_zip(&err);
+		ze_obj->err_sys = zip_error_code_system(&err);
 		zip_error_fini(&err);
-		RETURN_THROWS();
+		zip_source_free(zip_source);
+		RETURN_LONG(ze_obj->err_zip);
 	}
 
-	zip_source_keep(zip_source);
-	zip_error_fini(&err);
-
+	php_zipobj_add_buffer(ze_obj, buffer);
 	ze_obj->za = intern;
-	ze_obj->source = zip_source;
+	zip_error_fini(&err);
+	RETURN_TRUE;
 }
 /* }}} */
 
@@ -1556,52 +1599,14 @@ PHP_METHOD(ZipArchive, close)
 {
 	struct zip *intern;
 	zval *self = ZEND_THIS;
-	ze_zip_object *ze_obj;
-	int err;
 
 	if (zend_parse_parameters_none() == FAILURE) {
 		RETURN_THROWS();
 	}
 
 	ZIP_FROM_OBJECT(intern, self);
 
-	ze_obj = Z_ZIP_P(self);
-
-	err = zip_close(intern);
-	if (err) {
-		php_error_docref(NULL, E_WARNING, "%s", zip_strerror(intern));
-		/* Save error for property reader */
-		zip_error_t *ziperr;
-
-		ziperr = zip_get_error(intern);
-		ze_obj->err_zip = zip_error_code_zip(ziperr);
-		ze_obj->err_sys = zip_error_code_system(ziperr);
-		zip_error_fini(ziperr);
-		zip_discard(intern);
-	} else {
-		ze_obj->err_zip = 0;
-		ze_obj->err_sys = 0;
-	}
-
-	// if we have a filename, we need to free it
-	if (ze_obj->filename) {
-		/* clear cache as empty zip are not created but deleted */
-		php_clear_stat_cache(1, ze_obj->filename, ze_obj->filename_len);
-
-		efree(ze_obj->filename);
-		ze_obj->filename = NULL;
-		ze_obj->filename_len = 0;
-	}
-
-	if (ze_obj->source) {
-		zip_source_close(ze_obj->source);
-		zip_source_free(ze_obj->source);
-		ze_obj->source = NULL;
-	}
-
-	ze_obj->za = NULL;
-
-	RETURN_BOOL(!err);
+	RETURN_BOOL(php_zipobj_close(Z_ZIP_P(self)));
 }
 /* }}} */
 
@@ -1915,7 +1920,6 @@ PHP_METHOD(ZipArchive, addFromString)
 	size_t name_len;
 	ze_zip_object *ze_obj;
 	struct zip_source *zs;
-	int pos = 0;
 	zend_long flags = ZIP_FL_OVERWRITE;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "sS|l",
@@ -1926,15 +1930,7 @@ PHP_METHOD(ZipArchive, addFromString)
 	ZIP_FROM_OBJECT(intern, self);
 
 	ze_obj = Z_ZIP_P(self);
-	if (ze_obj->buffers_cnt) {
-		ze_obj->buffers = safe_erealloc(ze_obj->buffers, sizeof(*ze_obj->buffers), (ze_obj->buffers_cnt + 1), 0);
-		pos = ze_obj->buffers_cnt++;
-	} else {
-		ze_obj->buffers = emalloc(sizeof(*ze_obj->buffers));
-		ze_obj->buffers_cnt++;
-		pos = 0;
-	}
-	ze_obj->buffers[pos] = zend_string_copy(buffer);
+	php_zipobj_add_buffer(ze_obj, buffer);
 
 	zs = zip_source_buffer(intern, ZSTR_VAL(buffer), ZSTR_LEN(buffer), 0);
 
diff --git a/ext/zip/php_zip.h b/ext/zip/php_zip.h
@@ -68,7 +68,6 @@ typedef struct _ze_zip_read_rsrc {
 /* Extends zend object */
 typedef struct _ze_zip_object {
 	struct zip *za;
-	zip_source_t *source;
 	zend_string **buffers;
 	HashTable *prop_handler;
 	char *filename;
diff --git a/ext/zip/php_zip.stub.php b/ext/zip/php_zip.stub.php
@@ -646,7 +646,7 @@ class ZipArchive implements Countable
     /** @tentative-return-type */
     public function open(string $filename, int $flags = 0): bool|int {}
 
-    public function openBuffer(string $data): void {}
+    public function openString(string $data): bool|int {}
 
     /**
      * @tentative-return-type
diff --git a/ext/zip/php_zip_arginfo.h b/ext/zip/php_zip_arginfo.h
diff --git a/ext/zip/tests/ZipArchive_openString.phpt b/ext/zip/tests/ZipArchive_openString.phpt
@@ -1,11 +1,11 @@
 --TEST--
-ZipArchive::openBuffer() method
+ZipArchive::openString() method
 --EXTENSIONS--
 zip
 --FILE--
 <?php
 $zip = new ZipArchive();
-$zip->openBuffer(file_get_contents(__DIR__."/test_procedural.zip"));
+$zip->openString(file_get_contents(__DIR__."/test_procedural.zip"));
 
 for ($i = 0; $i < $zip->numFiles; $i++) {
     $stat = $zip->statIndex($i);
diff --git a/ext/zip/tests/ZipArchive_openString_leak.phpt b/ext/zip/tests/ZipArchive_openString_leak.phpt
@@ -0,0 +1,25 @@
+--TEST--
+ZipArchive::openString leak tests
+--EXTENSIONS--
+zip
+--FILE--
+<?php
+$zip = new ZipArchive;
+$zip->openString(file_get_contents(__DIR__ . '/test.zip'));
+$zip = null;
+
+$zip = new ZipArchive;
+$zip->openString(file_get_contents(__DIR__ . '/test.zip'));
+$zip->openString(file_get_contents(__DIR__ . '/test.zip'));
+$zip = null;
+
+$zip = new ZipArchive;
+$zip->openString(file_get_contents(__DIR__ . '/test.zip'));
+$zip->open(__DIR__ . '/test.zip');
+$zip = null;
+
+$zip = new ZipArchive;
+$zip->open(__DIR__ . '/test.zip');
+$zip->openString(file_get_contents(__DIR__ . '/test.zip'));
+$zip = null;
+--EXPECT--
diff --git a/ext/zip/tests/ZipArchive_open_with_close_fail.phpt b/ext/zip/tests/ZipArchive_open_with_close_fail.phpt
@@ -0,0 +1,22 @@
+--TEST--
+zip_close() failure from ZipArchive::open()
+--EXTENSIONS--
+zip
+--FILE--
+<?php
+// Try to create an archive
+$zip = new ZipArchive();
+var_dump($zip->open(__DIR__ . '/close-fail.zip', ZipArchive::CREATE));
+file_put_contents(__DIR__.'/close-fail-file', '');
+$zip->addFile(__DIR__.'/close-fail-file');
+// Delete the file to trigger an error on close
+@unlink(__DIR__.'/close-fail-file');
+var_dump($zip->open(__DIR__ . '/test.zip', ZipArchive::RDONLY));
+var_dump($zip->getFromName('bar'));
+--EXPECTF--
+bool(true)
+
+Warning: ZipArchive::open(): Can't open file: No such file or directory in %s on line %d
+bool(true)
+string(4) "bar
+"
