- Fix #55295, check if malloc failed

author Pierre Joye <pajoye@php.net>

Wed, 27 Jul 2011 14:23:06 +0000 (14:23 +0000)

committer Pierre Joye <pajoye@php.net>

Wed, 27 Jul 2011 14:23:06 +0000 (14:23 +0000)
author Pierre Joye <pajoye@php.net>
Wed, 27 Jul 2011 14:23:06 +0000 (14:23 +0000)
committer Pierre Joye <pajoye@php.net>
Wed, 27 Jul 2011 14:23:06 +0000 (14:23 +0000)
diff --git a/NEWS b/NEWS

index 8166aa66503ec8ea8978dca9dd10c29a7611c726..9f8bcbc49234a77da86633e9493e51547925728a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ PHP                                                                        NEWS
    . On blocking SSL sockets respect the timeout option where possible.
      (Scott)
  
+- Core
+  . Fix bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
+    (Pierre)
+
  14 Jul 2011, PHP 5.3.7 RC3
  - Zend Engine:
    . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c

index c61607b5522a571c474cfb2802d86241014517ce..8603a9039e2c68371ffc28ca0fe21c8243173163 100644 (file)
--- a/TSRM/tsrm_win32.c
+++ b/TSRM/tsrm_win32.c
@@ -532,6 +532,10 @@ TSRM_API FILE *popen_ex(const char *command, const char *type, const char *cwd,
         }
  
         cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2);
+       if (!cmd) {
+               return NULL;
+       }
+
         sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command);
         if (asuser) {
                 res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process);
author	Pierre Joye <pajoye@php.net>
	Wed, 27 Jul 2011 14:23:06 +0000 (14:23 +0000)
committer	Pierre Joye <pajoye@php.net>
	Wed, 27 Jul 2011 14:23:06 +0000 (14:23 +0000)
NEWS		patch \| blob \| history
TSRM/tsrm_win32.c		patch \| blob \| history