add php_http_buffer_account(buf, size_t account)

diff --git a/php_http_buffer.c b/php_http_buffer.c
index bd99dc84f1677ce2a766b2c215796691719c7117..ef0abcd067f7c186953f81e78f64d61ba8dfbc82 100644 (file)
--- a/php_http_buffer.c
+++ b/php_http_buffer.c
@@ -72,6 +72,19 @@ PHP_HTTP_BUFFER_API size_t php_http_buffer_resize_ex(php_http_buffer_t *buf, siz
        return 0;
 }
 
+PHP_HTTP_BUFFER_API char *php_http_buffer_account(php_http_buffer_t *buf, size_t to_account)
+{
+       /* it's probably already too late but check anyway */
+       if (to_account > buf->free) {
+               return NULL;
+       }
+
+       buf->free -= to_account;
+       buf->used += to_account;
+
+       return buf->data + buf->used;
+}
+
 PHP_HTTP_BUFFER_API size_t php_http_buffer_shrink(php_http_buffer_t *buf)
 {
        /* avoid another realloc on fixation */

diff --git a/php_http_buffer.h b/php_http_buffer.h
index 2052fe8a3711583560a96ae9164b1476c20adffc..012c8cffb15cbd4968e8fe93cffd068076e278fe 100644 (file)
--- a/php_http_buffer.h
+++ b/php_http_buffer.h
@@ -151,6 +151,8 @@ PHP_HTTP_BUFFER_API php_http_buffer_t *php_http_buffer_from_string_ex(php_http_b
 #define php_http_buffer_resize(b, s) php_http_buffer_resize_ex((b), (s), 0, 0)
 PHP_HTTP_BUFFER_API size_t php_http_buffer_resize_ex(php_http_buffer_t *buf, size_t len, size_t override_size, int allow_error);
 
+PHP_HTTP_BUFFER_API char *php_http_buffer_account(php_http_buffer_t *buf, size_t to_account);
+
 /* shrink memory chunk to actually used size (+1) */
 PHP_HTTP_BUFFER_API size_t php_http_buffer_shrink(php_http_buffer_t *buf);
 

diff --git a/php_http_encoding.c b/php_http_encoding.c
index ce47fcdff87cf30a5a15dd7482a679ba61519ae6..bc3a1bdc6f4036353b8516b956aa4cc75e57b672 100644 (file)
--- a/php_http_encoding.c
+++ b/php_http_encoding.c
@@ -129,9 +129,7 @@ static inline int php_http_inflate_rounds(z_stream *Z, int flush, char **buf, si
                        fprintf(stderr, "\n%3d: %3d PRIOR: size=%7lu,\tfree=%7lu,\tused=%7lu,\tavail_in=%7lu,\tavail_out=%7lu\n", round, status, buffer.size, buffer.free, buffer.used, Z->avail_in, Z->avail_out);
 #endif
                        status = inflate(Z, flush);
-                       
-                       buffer.used += buffer.free - Z->avail_out;
-                       buffer.free = Z->avail_out;
+                       php_http_buffer_account(&buffer, buffer.free - Z->avail_out);
 #if 0
                        fprintf(stderr, "%3d: %3d AFTER: size=%7lu,\tfree=%7lu,\tused=%7lu,\tavail_in=%7lu,\tavail_out=%7lu\n", round, status, buffer.size, buffer.free, buffer.used, Z->avail_in, Z->avail_out);
 #endif
@@ -203,7 +201,7 @@ retry_raw_inflate:
        status = inflateInit2(&Z, wbits);
        if (Z_OK == status) {
                Z.next_in = (Bytef *) data;
-               Z.avail_in = data_len;
+               Z.avail_in = data_len + 1; /* include the terminating NULL, see #61287 */
                
                switch (status = php_http_inflate_rounds(&Z, Z_NO_FLUSH, decoded, decoded_len)) {
                        case Z_STREAM_END:

diff --git a/php_http_message_parser.c b/php_http_message_parser.c
index 23cf4f8b79357779c82be746f16b8d1e063d76e5..ca2027b5724eccff9ebac7318f56de787ba1fd5f 100644 (file)
--- a/php_http_message_parser.c
+++ b/php_http_message_parser.c
@@ -117,38 +117,31 @@ PHP_HTTP_API php_http_message_parser_state_t php_http_message_parser_parse_strea
                        case PHP_HTTP_MESSAGE_PARSER_STATE_HEADER:
                        case PHP_HTTP_MESSAGE_PARSER_STATE_HEADER_DONE:
                                /* read line */
-                               php_stream_get_line(s, buf.data, buf.free, &len);
-                               buf.used += len;
-                               buf.free -= len;
+                               php_stream_get_line(s, buf.data + buf.used, buf.free, &len);
+                               php_http_buffer_account(&buf, len);
                                break;
 
                        case PHP_HTTP_MESSAGE_PARSER_STATE_BODY_DUMB:
                                /* read all */
-                               len = php_stream_read(s, buf.data, buf.free);
-                               buf.used += len;
-                               buf.free -= len;
+                               php_http_buffer_account(&buf, php_stream_read(s, buf.data + buf.used, buf.free));
                                break;
 
                        case PHP_HTTP_MESSAGE_PARSER_STATE_BODY_LENGTH:
                                /* read body_length */
-                               len = php_stream_read(s, buf.data, MIN(buf.free, parser->body_length));
-                               buf.used += len;
-                               buf.free -= len;
+                               php_http_buffer_account(&buf, php_stream_read(s, buf.data + buf.used, MIN(buf.free, parser->body_length)));
                                break;
 
                        case PHP_HTTP_MESSAGE_PARSER_STATE_BODY_CHUNKED:
                                /* duh, this is very naive */
                                if (len) {
-                                       size_t read = php_stream_read(s, buf.data, MIN(len, buf.free));
+                                       size_t read = php_stream_read(s, buf.data + buf.used, MIN(len, buf.free));
 
-                                       buf.used += read;
-                                       buf.free -= read;
+                                       php_http_buffer_account(&buf, read);
 
                                        len -= read;
                                } else {
                                        php_stream_get_line(s, buf.data, buf.free, &len);
-                                       buf.used += len;
-                                       buf.free -= len;
+                                       php_http_buffer_account(&buf, len);
 
                                        len = strtoul(buf.data - len, NULL, 16);
                                }