ID: 26938
User updated by: runekl at opoint dot com
-Summary: exec does not read consecutive ling lines correctly
Reported By: runekl at opoint dot com
-Status: Feedback
+Status: Open
Bug Type: Program Execution
-Operating System: *
+Operating System: All
PHP Version: 5CVS-2004-01-16 (dev)
New Comment:
I suggest you replace the test for bug 26615 with the one below. That
should cover both cases. It will also make your distribution smaller
-)
--TEST--
Bug #26615 (exec crash on long input lines)
--FILE--
<?php
$out = array();
$status = -1;
$php = getenv('TEST_PHP_EXECUTABLE');
exec($php . ' -r \''
. '$lengths = array(10,20000,10000,5,10000,3);'
. 'foreach($lengths as $length) {'
. ' for($i=0;$i<$length;$i++) print chr(65+$i % 27);'
. ' print "\n";'
. '}\'', $out, $status);
for ($i=0;$i<6;$i++)
print "md5(line $i)= " . md5($out[$i]) . " (length " .
strlen($out[$i]) . ")\n";
?>
--EXPECT--
md5(line 0)= e86410fa2d6e2634fd8ac5f4b3afe7f3 (length 10)
md5(line 1)= e84debf3a1d132871d7fe45c1c04c566 (length 20000)
md5(line 2)= c33b4d2f86908eea5d75ee5a61fd81f4 (length 10000)
md5(line 3)= 2ecdde3959051d913f61b14579ea136d (length 5)
md5(line 4)= c33b4d2f86908eea5d75ee5a61fd81f4 (length 10000)
md5(line 5)= 902fbdd2b1df0c4f70b4a5d23525e932 (length 3)
Previous Comments:
------------------------------------------------------------------------
[2004-01-16 18:59:14] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.
If possible, make the script source available online and provide
an URL to it here. Try avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2004-01-16 16:38:38] runekl at opoint dot com
Description:
------------
Exec fails to read two consecutive lines longer than 2*EXEC_INPUT_BUF
correctly. While reading the first line, buflen is set to
3*EXEC_INPUT_BUF. When reading part two of the second line, bufl will
be EXEC_INPUT_BUF to large since b!=buf.
Here is a patch:
Index: exec.c
===================================================================
RCS file: /repository/php-src/ext/standard/exec.c,v
retrieving revision 1.108
diff -C4 -r1.108 exec.c
*** exec.c 8 Jan 2004 08:17:31 -0000 1.108
--- exec.c 16 Jan 2004 21:35:35 -0000
***************
*** 111,132 ****
if (type != 3) {
b = buf;
! while (php_stream_get_line(stream, b, EXEC_INPUT_BUF,
&bufl)) {
/* no new line found, let's read some more */
if (b[bufl - 1] != '\n' &&
!php_stream_eof(stream)) {
if (buflen < (bufl + (b - buf) +
EXEC_INPUT_BUF)) {
bufl += b - buf;
! buflen = bufl +
EXEC_INPUT_BUF;
buf = erealloc(buf, buflen);
b = buf + bufl;
} else {
b += bufl;
}
continue;
} else if (b != buf) {
! bufl += buflen - EXEC_INPUT_BUF;
}
if (type == 1) {
PHPWRITE(buf, bufl);
--- 111,132 ----
if (type != 3) {
b = buf;
! while (php_stream_get_line(stream, b, buflen - (b -
buf), &bufl)) {
/* no new line found, let's read some more */
if (b[bufl - 1] != '\n' &&
!php_stream_eof(stream)) {
if (buflen < (bufl + (b - buf) +
EXEC_INPUT_BUF)) {
bufl += b - buf;
! buflen = bufl + 1 +
EXEC_INPUT_BUF;
buf = erealloc(buf, buflen);
b = buf + bufl;
} else {
b += bufl;
}
continue;
} else if (b != buf) {
! bufl += (b - buf);
}
if (type == 1) {
PHPWRITE(buf, bufl);
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=26938&edit=1
