PHP :: Bug #26615 :: exec crash on long input lines

Bug #26615	exec crash on long input lines
Submitted:	2003-12-13 12:59 UTC	Modified:	2003-12-13 13:52 UTC
From:	runekl at opoint dot com	Assigned:
Status:	Closed	Package:	*General Issues
PHP Version:	5CVS-2003-12-13 (dev)	OS:	All
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	runekl at opoint dot com
New email:
PHP Version:		OS:

New Comment:

[2003-12-13 12:59 UTC] runekl at opoint dot com

Description:
------------
If the command ran by exec outputs a line that is 2*EXEC_INPUT_BUF longer than the previous line a segfault may occur.  It is not difficult to see why this happens just by reading the source code.

In exec.c, line 118, reads

if (buflen < (bufl + EXEC_INPUT_BUF)) {

This condition is correct only the first time, e.g when b=buf.  I think the like should be

if (buflen < (bufl + (b - buf) + EXEC_INPUT_BUF)) {


Reproduce code:
---------------
#!/usr/local/bin/php
<?php
$out = array();
$status = -1;
exec('/usr/bin/seq 5000 | tr \'\n\' \' \'', $out, $status);
print_r($out);
?>

Expected result:
----------------
Numbers from 1 to 5000 separated by blanks on one line.

Actual result:
--------------
segfault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-12-13 13:52 UTC] derick@php.net

Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

Thanks for the "patch"!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Nov 23 07:01:29 2024 UTC