diff options
| author | Pierre Joye <pajoye@php.net> | 2011-07-27 14:23:06 +0000 |
|---|---|---|
| committer | Pierre Joye <pajoye@php.net> | 2011-07-27 14:23:06 +0000 |
| commit | 0e3ec21e6fe63c93b6a7ab06ee37a06416363a9e (patch) | |
| tree | 0ede1bc31d5ceb5edba43a22582f654bef11b136 | |
| parent | 94ccf70c77535f449ac9050c0f19b3186128cf3b (diff) | |
| download | php-git-0e3ec21e6fe63c93b6a7ab06ee37a06416363a9e.tar.gz | |
- Fix #55295, check if malloc failed
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | TSRM/tsrm_win32.c | 4 |
2 files changed, 8 insertions, 0 deletions
@@ -10,6 +10,10 @@ PHP NEWS . On blocking SSL sockets respect the timeout option where possible. (Scott) +- Core + . Fix bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow + (Pierre) + 14 Jul 2011, PHP 5.3.7 RC3 - Zend Engine: . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c index c61607b552..8603a9039e 100644 --- a/TSRM/tsrm_win32.c +++ b/TSRM/tsrm_win32.c @@ -532,6 +532,10 @@ TSRM_API FILE *popen_ex(const char *command, const char *type, const char *cwd, } cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2); + if (!cmd) { + return NULL; + } + sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command); if (asuser) { res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process); |