Properly address incomplete multibyte chars inside escapeshellcmd()

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index aedfa94ce2a35411e0de1783c99cc32e0ae9f168..32e0f693eaa5ba4ada7f34bf11c498be737c5af5 100644 (file)
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -271,6 +271,11 @@ PHPAPI char *php_escape_shell_cmd(char *str)
        cmd = safe_emalloc(2, l, 1);
 
        for (x = 0, y = 0; x < l; x++) {
+               /* skip non-valid multibyte characters */
+               if (php_mblen(str + x, (l - x)) < 0) {
+                       continue;
+               }
+
                switch (str[x]) {
                        case '"':
                        case '\'':