From: [EMAIL PROTECTED] Operating system: any PHP version: 4.2.0 PHP Bug Type: Reproducible crash Bug description: Crash in shell_exec when popen fails (fix included)
(This web form will probably eat the diff, so you can also get it here: http://www.cs.ucsd.edu/~sbrown/php-shell_exec-fix.diff) If PHP is resource-starved and can't popen, the shell_exec function detects the error but forgets to return, resulting in a NULL (FILE *) being passed to fread on line 466 of exec.c (PHP 4.2.0) which causes a crash. This patch adds the missing RETURN_FALSE. Steven Brown <[EMAIL PROTECTED]> --- php-4.2.0/ext/standard/exec.c Tue Dec 11 07:30:29 2001 +++ php-4.2.0-fixed/ext/standard/exec.c Wed Apr 24 15:39:56 2002 @@ -459,6 +459,7 @@ if ((in=VCWD_POPEN(Z_STRVAL_PP(cmd), "r"))==NULL) { #endif php_error(E_WARNING, "Unable to execute '%s'", Z_STRVAL_PP(cmd)); + RETURN_FALSE; } allocated_space = EXEC_INPUT_BUF; ret = (char *) emalloc(allocated_space); -- Edit bug report at http://bugs.php.net/?id=16811&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=16811&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=16811&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=16811&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=16811&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=16811&r=support Expected behavior: http://bugs.php.net/fix.php?id=16811&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=16811&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=16811&r=submittedtwice
