From: runekl at opoint dot com
Operating system: All
PHP version: 5CVS-2004-01-16 (dev)
PHP Bug Type: Program Execution
Bug description: exec does not read consecutive ling lines correctly
Description:
------------
Exec fails to read two consecutive lines longer than 2*EXEC_INPUT_BUF
correctly. While reading the first line, buflen is set to
3*EXEC_INPUT_BUF. When reading part two of the second line, bufl will be
EXEC_INPUT_BUF to large since b!=buf.
Here is a patch:
Index: exec.c
===================================================================
RCS file: /repository/php-src/ext/standard/exec.c,v
retrieving revision 1.108
diff -C4 -r1.108 exec.c
*** exec.c 8 Jan 2004 08:17:31 -0000 1.108
--- exec.c 16 Jan 2004 21:35:35 -0000
***************
*** 111,132 ****
if (type != 3) {
b = buf;
! while (php_stream_get_line(stream, b, EXEC_INPUT_BUF,
&bufl)) {
/* no new line found, let's read some more */
if (b[bufl - 1] != '\n' &&
!php_stream_eof(stream)) {
if (buflen < (bufl + (b - buf) +
EXEC_INPUT_BUF)) {
bufl += b - buf;
! buflen = bufl + EXEC_INPUT_BUF;
buf = erealloc(buf, buflen);
b = buf + bufl;
} else {
b += bufl;
}
continue;
} else if (b != buf) {
! bufl += buflen - EXEC_INPUT_BUF;
}
if (type == 1) {
PHPWRITE(buf, bufl);
--- 111,132 ----
if (type != 3) {
b = buf;
! while (php_stream_get_line(stream, b, buflen - (b - buf),
&bufl)) {
/* no new line found, let's read some more */
if (b[bufl - 1] != '\n' &&
!php_stream_eof(stream)) {
if (buflen < (bufl + (b - buf) +
EXEC_INPUT_BUF)) {
bufl += b - buf;
! buflen = bufl + 1 +
EXEC_INPUT_BUF;
buf = erealloc(buf, buflen);
b = buf + bufl;
} else {
b += bufl;
}
continue;
} else if (b != buf) {
! bufl += (b - buf);
}
if (type == 1) {
PHPWRITE(buf, bufl);
--
Edit bug report at http://bugs.php.net/?id=26938&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=26938&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=26938&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=26938&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=26938&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=26938&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=26938&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=26938&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=26938&r=support
Expected behavior: http://bugs.php.net/fix.php?id=26938&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=26938&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=26938&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=26938&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26938&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=26938&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=26938&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=26938&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=26938&r=float
