From: Stanislav Malyshev <stas@php.net>
Date: Tue, 28 Oct 2014 02:04:46 +0000 (-0700)
Subject: Fix bug #68095 - invalid read in php_getopt()
X-Git-Tag: php-5.5.19RC1~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=deadeeae1d08877021eb2796aa6790baa74361ed;p=php

Fix bug #68095 - invalid read in php_getopt()

It's a hacky solution and incomplete, but I don't see other way
without refactoring the whole getopt protocol.
---

diff --git a/NEWS b/NEWS
index c7fd7afe4a..15a2951377 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? 2014, PHP 5.5.19
 
 - Core:
+  . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in 
+    php_getopt()). (Stas)
   . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
   . Fixed bug #68129 (parse_url() - incomplete support for empty usernames
     and passwords) (Tjerk)
diff --git a/main/getopt.c b/main/getopt.c
index a31a6c75d5..258173fc22 100644
--- a/main/getopt.c
+++ b/main/getopt.c
@@ -59,9 +59,17 @@ PHPAPI int php_getopt(int argc, char* const *argv, const opt_struct opts[], char
 {
 	static int optchr = 0;
 	static int dash = 0; /* have already seen the - */
+	static char **prev_optarg = NULL;
 
 	php_optidx = -1;
 
+	if(prev_optarg && prev_optarg != optarg) {
+		/* reset the state */
+		optchr = 0;
+		dash = 0;
+	}
+	prev_optarg = optarg;
+
 	if (*optind >= argc) {
 		return(EOF);
 	}