I have a basic understanding of this vulnerability it is a buffer over read and sort of know what this piece of code is doing though it would be great to get some expert advice.
static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char *alias, int alias_len, long halt_offset, phar_archive_dat.......... pphar, php_uint32 compression, char **error TSRMLS_DC) /* {{{ */
{
char b32[4], *buffer, *endbuffer, *savebuf;
phar_archive_data *mydata = NULL;
phar_entry_info entry;
I see the static integer or number function which is aset of instructions being declared and the data types it returns being in the brackets. For loop that processes manifest entries does not determine and check if the metadata_length (4) is inside so the buffer can be over written what is the char b32 mean though
