From cc6e6782246166f2f64eed7019d02273ba08b9c2 Mon Sep 17 00:00:00 2001
From: Felipe Pena <felipe@php.net>
Date: Thu, 30 Oct 2008 15:56:23 +0000
Subject: [PATCH] - MFB: Fixed memory leak when using offset out of range.
 (php_stream_copy_to_mem returns 0, but the empty string is alloced)

---
 ext/standard/streamsfuncs.c                   | 12 +++++-----
 .../streams/stream_get_contents_001.phpt      | 22 +++++++++++++++++++
 2 files changed, 27 insertions(+), 7 deletions(-)
 create mode 100644 ext/standard/tests/streams/stream_get_contents_001.phpt

diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c
index d84cfc538c..2c6acf3410 100644
--- a/ext/standard/streamsfuncs.c
+++ b/ext/standard/streamsfuncs.c
@@ -411,18 +411,16 @@ PHP_FUNCTION(stream_get_contents)
 		RETURN_FALSE;
 	}
 
-	if ((len = php_stream_copy_to_mem(stream, &contents, maxlen, 0)) > 0) {
-		
-		if (PG(magic_quotes_runtime)) {
+	len = php_stream_copy_to_mem(stream, &contents, maxlen, 0);
+	
+	if (contents) {
+		if (len && PG(magic_quotes_runtime)) {
 			contents = php_addslashes(contents, len, &newlen, 1 TSRMLS_CC); /* 1 = free source string */
 			len = newlen;
 		}
-
 		RETVAL_STRINGL(contents, len, 0);
-	} else if (len == 0) {
-		RETVAL_EMPTY_STRING();
 	} else {
-		RETVAL_FALSE;
+		RETVAL_EMPTY_STRING();
 	}
 }
 /* }}} */
diff --git a/ext/standard/tests/streams/stream_get_contents_001.phpt b/ext/standard/tests/streams/stream_get_contents_001.phpt
new file mode 100644
index 0000000000..dc7fcb239c
--- /dev/null
+++ b/ext/standard/tests/streams/stream_get_contents_001.phpt
@@ -0,0 +1,22 @@
+--TEST--
+stream_get_contents() - Testing offset out of range
+--FILE--
+<?php
+
+$tmp = tmpfile();
+
+fwrite($tmp, "12345");
+
+echo stream_get_contents($tmp, 2, 5), "--\n";
+echo stream_get_contents($tmp, 2), "--\n";
+echo stream_get_contents($tmp, 2, 3), "--\n";
+echo stream_get_contents($tmp, 2, -1), "--\n";
+
+@unlink($tmp);
+
+?>
+--EXPECT--
+--
+--
+45--
+--
-- 
2.40.0