From: Bob Weinand
Date: Tue, 20 Dec 2016 19:18:36 +0000 (+0100)
Subject: Fixed bug #73794 (Crash (out of memory) when using run and # command separator)
X-Git-Tag: php-7.1.1RC1~68
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8b06b7e2665e16d1643f7027072dfd3ec34fa0e2;p=php
Fixed bug #73794 (Crash (out of memory) when using run and # command separator)
---
diff --git a/NEWS b/NEWS
index 374dd1c8ea..53a4483e96 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,10 @@ PHP NEWS
 . Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement). (Dorin Marcoci)
+- phpdbg:
+ . Fixed bug #73794 (Crash (out of memory) when using run and # command
+ separator). (Bob)
+
 - Standard:
 . Fixed bug #73594 (dns_get_record does not populate $additional out parameter). (Bruce Weirdan)
diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c
index da2cdfb738..822f25f005 100644
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
@@ -803,10 +803,13 @@ PHPDBG_COMMAND(run) /* {{{ */
 if (param && param->type != EMPTY_PARAM && param->len != 0) {
 char **argv = emalloc(5 * sizeof(char *));
 char *end = param->str + param->len, *p = param->str;
+ char last_byte;
 int argc = 0;
 int i;
 while (*end == '\r' || *end == '\n') *(end--) = 0;
+ last_byte = end[1];
+ end[1] = 0;
 while (*p == ' ') p++;
 while (*p) {
@@ -870,6 +873,7 @@ free_cmd:
 efree(argv[i]);
 }
 efree(argv);
+ end[1] = last_byte;
 return SUCCESS;
 }
@@ -880,6 +884,8 @@ free_cmd:
 do p++; while (*p == ' ');
 }
 }
+ end[1] = last_byte;
+
 argv[0] = SG(request_info).argv[0];
 for (i = SG(request_info).argc; --i;) {
 efree(SG(request_info).argv[i]);
diff --git a/sapi/phpdbg/tests/bug73794.phpt b/sapi/phpdbg/tests/bug73794.phpt
new file mode 100644
index 0000000000..8d5ba234c7
--- /dev/null
+++ b/sapi/phpdbg/tests/bug73794.phpt
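Review bot: `last_byte = end[1]; end[1] = 0;` in the first phpdbg_prompt.c hunk reads and writes the byte after `end`, and when the trimming loop just above it does not run, `end` is still `param->str + param->len`, so the access is at offset `param->len + 1`. Nothing visible shows that this byte always lies inside the input buffer, so I would state the assumption at the write, e.g. `/* param->str is not NUL-terminated when another command follows; the byte after end is assumed to be inside the input buffer */`. The trimming loop `*(end--) = 0` also has no lower bound in these lines, so it is worth stopping it at `param->str` before `end[1]` is dereferenced. PHPDBG_COMMAND(run) starts and ends outside the hunk, so how `param` is filled in cannot be checked from here.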
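Review bot: The restore `end[1] = last_byte;` is repeated by hand on each exit, under `free_cmd:` in the second hunk and after the parsing loop in the third, so any other `return` in the lines between the hunks would leave the input buffer truncated at the temporary terminator. Those lines are not shown, so this needs checking against the whole function. At each restore I would add `/* put back the byte overwritten by the temporary terminator so the rest of the input is still parsed */`, since the reason for the write is not obvious where it stands.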
@@ -0,0 +1,11 @@
+--TEST--
+Bug #73794 (Crash (out of memory) when using run and # command separator)
+--PHPDBG--
+r echo # quit
+--EXPECTF--
+[Successful compilation of %s]
+prompt> echo
+--FILE--
+