From: Pierre Joye <pajoye@php.net>
Date: Wed, 27 Jul 2011 14:23:06 +0000 (+0000)
Subject: - Fix #55295, check if malloc failed
X-Git-Tag: php-5.3.7RC4~10
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0e3ec21e6fe63c93b6a7ab06ee37a06416363a9e;p=php

- Fix #55295, check if malloc failed
---

diff --git a/NEWS b/NEWS
index 8166aa6650..9f8bcbc492 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ PHP                                                                        NEWS
   . On blocking SSL sockets respect the timeout option where possible.
     (Scott)
 
+- Core
+  . Fix bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
+    (Pierre)
+
 14 Jul 2011, PHP 5.3.7 RC3
 - Zend Engine:
   . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even
diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c
index c61607b552..8603a9039e 100644
--- a/TSRM/tsrm_win32.c
+++ b/TSRM/tsrm_win32.c
@@ -532,6 +532,10 @@ TSRM_API FILE *popen_ex(const char *command, const char *type, const char *cwd,
 	}
 
 	cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2);
+	if (!cmd) {
+		return NULL;
+	}
+
 	sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command);
 	if (asuser) {
 		res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process);