Fix GH-20442: Phar does not respect case-insensitiveness of __halt_compiler() when reading stub

Functions are case insensitive. The flush code already takes this into
account by checking for the __halt_compiler() symbol in a case
insensitive manner; however the parsing code did not do that yet.

Closes GH-20445.

Author: ndossche

NEWS

@@ -13,6 +13,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-20329 (opcache.file_cache broken with full interned string
     buffer). (Arnaud)
 
+- Phar:
+  . Fixed bug GH-20442 (Phar does not respect case-insensitiveness of
+    __halt_compiler() when reading stub). (ndossche, TimWolla)
+
 - Standard:
   . Fix memory leak in array_diff() with custom type checks. (ndossche)
 

ext/phar/phar.c

@@ -1590,35 +1590,6 @@ int phar_open_from_filename(char *fname, size_t fname_len, char *alias, size_t a
 }
 /* }}}*/
 
-static inline char *phar_strnstr(const char *buf, size_t buf_len, const char *search, size_t search_len) /* {{{ */
-{
-	const char *c;
-	ptrdiff_t so_far = 0;
-
-	if (buf_len < search_len) {
-		return NULL;
-	}
-
-	c = buf - 1;
-
-	do {
-		if (!(c = memchr(c + 1, search[0], buf_len - search_len - so_far))) {
-			return (char *) NULL;
-		}
-
-		so_far = c - buf;
-
-		if (so_far >= (buf_len - search_len)) {
-			return (char *) NULL;
-		}
-
-		if (!memcmp(c, search, search_len)) {
-			return (char *) c;
-		}
-	} while (1);
-}
-/* }}} */
-
 /**
  * Scan an open fp for the required __HALT_COMPILER(); ?> token and verify
  * that the manifest is proper, then pass it to phar_parse_pharfile().  SUCCESS
@@ -1630,7 +1601,8 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 	static const char zip_magic[] = "PK\x03\x04";
 	static const char gz_magic[] = "\x1f\x8b\x08";
 	static const char bz_magic[] = "BZh";
-	char *pos, test = '\0';
+	const char *pos;
+	char test = '\0';
 	int recursion_count = 3; // arbitrary limit to avoid too deep or even infinite recursion
 	const int window_size = 1024;
 	char buffer[1024 + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
@@ -1779,14 +1751,14 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 			}
 
 			if (got >= 512) {
-				if (phar_is_tar(pos, fname)) {
+				if (phar_is_tar((char *) pos, fname)) { /* TODO: fix const correctness */
 					php_stream_rewind(fp);
 					return phar_parse_tarfile(fp, fname, fname_len, alias, alias_len, pphar, is_data, compression, error);
 				}
 			}
 		}
 
-		if (got > 0 && (pos = phar_strnstr(buffer, got + sizeof(token), token, sizeof(token)-1)) != NULL) {
+		if (got > 0 && (pos = php_memnistr(buffer, token, tokenlen, buffer + got + sizeof(token))) != NULL) {
 			halt_offset += (pos - buffer); /* no -tokenlen+tokenlen here */
 			return phar_parse_pharfile(fp, fname, fname_len, alias, alias_len, halt_offset, pphar, compression, error);
 		}

ext/phar/tests/files/gh20442.phar

@@ -0,0 +1,18 @@
+--TEST--
+GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub)
+--EXTENSIONS--
+phar
+--FILE--
+<?php
+
+$phar = new Phar(__DIR__.'/files/gh20442.phar');
+var_dump($phar->count());
+var_dump($phar->getStub());
+
+?>
+--EXPECT--
+int(1)
+string(50) "<?php
+echo "Hello World!";
+__halt_compiler(); ?>
+"