]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3273f15)
Fixed bug #73794 (Crash (out of memory) when using run and # command separator)
authorBob Weinand <bobwei9@hotmail.com>
Tue, 20 Dec 2016 19:18:36 +0000 (20:18 +0100)
committerBob Weinand <bobwei9@hotmail.com>
Tue, 20 Dec 2016 19:18:36 +0000 (20:18 +0100)
NEWS patch | blob | history
sapi/phpdbg/phpdbg_prompt.c patch | blob | history
sapi/phpdbg/tests/bug73794.phpt [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index 374dd1c8ea76c34d34190d712e0b77f6444d956a..53a4483e96215a139cc088b0db30d69127a7cb8c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,10 @@ PHP                                                                        NEWS
   . Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning
     statement). (Dorin Marcoci)
 
+- phpdbg:
+  . Fixed bug #73794 (Crash (out of memory) when using run and # command
+    separator). (Bob)
+
 - Standard:
   . Fixed bug #73594 (dns_get_record does not populate $additional out parameter).
     (Bruce Weirdan)
diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c
index da2cdfb738c344de4d48f5febb9018583e84981d..822f25f0059fa87673052d288def4918fb3bcd77 100644 (file)
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
@@ -803,10 +803,13 @@ PHPDBG_COMMAND(run) /* {{{ */
                if (param && param->type != EMPTY_PARAM && param->len != 0) {
                        char **argv = emalloc(5 * sizeof(char *));
                        char *end = param->str + param->len, *p = param->str;
+                       char last_byte;
                        int argc = 0;
                        int i;
 
                        while (*end == '\r' || *end == '\n') *(end--) = 0;
+                       last_byte = end[1];
+                       end[1] = 0;
 
                        while (*p == ' ') p++;
                        while (*p) {
@@ -870,6 +873,7 @@ free_cmd:
                                                efree(argv[i]);
                                        }
                                        efree(argv);
+                                       end[1] = last_byte;
                                        return SUCCESS;
                                }
 
@@ -880,6 +884,8 @@ free_cmd:
                                        do p++; while (*p == ' ');
                                }
                        }
+                       end[1] = last_byte;
+
                        argv[0] = SG(request_info).argv[0];
                        for (i = SG(request_info).argc; --i;) {
                                efree(SG(request_info).argv[i]);
diff --git a/sapi/phpdbg/tests/bug73794.phpt b/sapi/phpdbg/tests/bug73794.phpt
new file mode 100644 (file)
index 0000000..8d5ba23
--- /dev/null
+++ b/sapi/phpdbg/tests/bug73794.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #73794 (Crash (out of memory) when using run and # command separator)
+--PHPDBG--
+r echo # quit
+--EXPECTF--
+[Successful compilation of %s]
+prompt> echo
+--FILE--
+<?php
+echo $argv[1];
+?>
Unnamed repository; edit this file 'description' to name the repository.