ID: 49847 Updated by: il...@php.net Reported By: soner at comixwall dot org -Status: Analyzed +Status: Closed Bug Type: Program Execution Operating System: OpenBSD, Linux, Windows PHP Version: 5.2.11 New Comment:
This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2009-10-14 01:32:08] s...@php.net Automatic comment from SVN on behalf of iliaa Revision: http://svn.php.net/viewvc/?view=revision&revision=289624 Log: Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). ------------------------------------------------------------------------ [2009-10-12 20:20:56] sjo...@php.net Filed Bug #49851 "HTTP breaks on long header line", which has the same cause. ------------------------------------------------------------------------ [2009-10-12 19:28:18] sjo...@php.net >From exec.c:125: while (php_stream_get_line(stream, ... b, EXEC_INPUT_BUF, &bufl)) { /* no new line found, let's read some more */ if (b[bufl - 1] != '\n' && !php_stream_eof(stream)) { ... continue; ... add_next_index_stringl(array, buf, bufl, 1); php_stream_get_line reads all the data. No newline is found, because there is none. The reading has not yet triggered php_stream_eof, because reading has stopped just before the bytes ran out. Loop starts again. php_stream_get_line now reads no bytes at all, because no bytes are left. Loop quits without adding the string to the array. ------------------------------------------------------------------------ [2009-10-12 19:01:54] sjo...@php.net The trick is that the string which is output is 4095 bytes long. exec("printf %4095d 1", $output); print_r($output); ------------------------------------------------------------------------ [2009-10-12 16:57:11] soner at comixwall dot org Description: ------------ When shell command returns a specially crafted string, I get an empty array as $output of exec(), instead of the string. I can very easily reproduce this issue, please see below for test code. Reproduce code: --------------- Put the following lines in bug.php: <?php exec('php echostr.php', $output); print_r($output); ?> Then put the contents at the following link in echostr.php: http://comixwall.org/dmdocuments/echostr Expected result: ---------------- When you execute bug.php, you will get an empty array printed out: Array ( ) Actual result: -------------- Actually, $output should have contained the string above as element 0 of the array. If you delete or add a character in the string, exec() runs correctly and you get the intended result. So the issue is specific to this special string. The problem is not with the size of the string, because much longer strings are fine. Also this issue does *not* exists with passthru(), shell_exec() functions and backtick operator. Furthermore, exec() return value, i.e. the last line of shell command output seems fine too (it contains the string correctly). So I believe the issue is internal to exec(), effecting $output contents only. As you can guess, this string is in fact serialized openvpn startup log lines (I just escaped the single quotes for testing purposes, that's all), it is not some manually crafted string. Therefore, it is possible that I may get more than one similar situation in the future. I have confirmed this issue on OpenBSD, Linux, and Windows. Here are the versions: OpenBSD: PHP 5.2.8 with Suhosin-Patch 0.9.6.3 (cli) (built: Mar 1 2009 10:26:06) Copyright (c) 1997-2008 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH Linux: PHP 5.2.6-3ubuntu4.2 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21 2009 21:43:13) Copyright (c) 1997-2008 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies Windows: PHP 5.2.11 (cli) (built: Sep 16 2009 19:39:46) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies Since Windows version is without Suhosin patch, suhosin as culprit is ruled out. (Also to test on Windows, I changed the exec shell command as 'php.exe echostr.php' of course.) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49847&edit=1
