ID: 26938
Updated by: [EMAIL PROTECTED]
Reported By: runekl at opoint dot com
-Status: Open
+Status: Feedback
Bug Type: Program Execution
Operating System: All
PHP Version: 5CVS-2004-01-16 (dev)
New Comment:
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.
If possible, make the script source available online and provide
an URL to it here. Try avoid embedding huge scripts into the report.
Previous Comments:
------------------------------------------------------------------------
[2004-01-16 16:38:38] runekl at opoint dot com
Description:
------------
Exec fails to read two consecutive lines longer than 2*EXEC_INPUT_BUF
correctly. While reading the first line, buflen is set to
3*EXEC_INPUT_BUF. When reading part two of the second line, bufl will
be EXEC_INPUT_BUF to large since b!=buf.
Here is a patch:
Index: exec.c
===================================================================
RCS file: /repository/php-src/ext/standard/exec.c,v
retrieving revision 1.108
diff -C4 -r1.108 exec.c
*** exec.c 8 Jan 2004 08:17:31 -0000 1.108
--- exec.c 16 Jan 2004 21:35:35 -0000
***************
*** 111,132 ****
if (type != 3) {
b = buf;
! while (php_stream_get_line(stream, b, EXEC_INPUT_BUF,
&bufl)) {
/* no new line found, let's read some more */
if (b[bufl - 1] != '\n' &&
!php_stream_eof(stream)) {
if (buflen < (bufl + (b - buf) +
EXEC_INPUT_BUF)) {
bufl += b - buf;
! buflen = bufl +
EXEC_INPUT_BUF;
buf = erealloc(buf, buflen);
b = buf + bufl;
} else {
b += bufl;
}
continue;
} else if (b != buf) {
! bufl += buflen - EXEC_INPUT_BUF;
}
if (type == 1) {
PHPWRITE(buf, bufl);
--- 111,132 ----
if (type != 3) {
b = buf;
! while (php_stream_get_line(stream, b, buflen - (b -
buf), &bufl)) {
/* no new line found, let's read some more */
if (b[bufl - 1] != '\n' &&
!php_stream_eof(stream)) {
if (buflen < (bufl + (b - buf) +
EXEC_INPUT_BUF)) {
bufl += b - buf;
! buflen = bufl + 1 +
EXEC_INPUT_BUF;
buf = erealloc(buf, buflen);
b = buf + bufl;
} else {
b += bufl;
}
continue;
} else if (b != buf) {
! bufl += (b - buf);
}
if (type == 1) {
PHPWRITE(buf, bufl);
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=26938&edit=1
