Backported from 5.6.30 by Remi.


From e5246580a85f031e1a3b8064edbaa55c1643a451 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sat, 31 Dec 2016 18:47:50 -0800
Subject: [PATCH] Fix bug #73773 - Seg fault when loading hostile phar

---
 ext/phar/phar.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 158f417..780be43 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1054,7 +1054,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
 	entry.is_persistent = mydata->is_persistent;
 
 	for (manifest_index = 0; manifest_index < manifest_count; ++manifest_index) {
-		if (buffer + 24 > endbuffer) {
+		if (buffer + 28 > endbuffer) {
 			MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)")
 		}
 
@@ -1068,7 +1068,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
 			entry.manifest_pos = manifest_index;
 		}
 
-		if (entry.filename_len > endbuffer - buffer - 20) {
+		if (entry.filename_len > endbuffer - buffer - 24) {
 			MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)");
 		}
 
-- 
2.1.4