diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | sapi/phpdbg/phpdbg_prompt.c | 6 | ||||
| -rw-r--r-- | sapi/phpdbg/tests/bug73794.phpt | 11 |
3 files changed, 21 insertions, 0 deletions
@@ -39,6 +39,10 @@ PHP NEWS . Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement). (Dorin Marcoci) +- phpdbg: + . Fixed bug #73794 (Crash (out of memory) when using run and # command + separator). (Bob) + - Standard: . Fixed bug #73594 (dns_get_record does not populate $additional out parameter). (Bruce Weirdan) diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index da2cdfb738..822f25f005 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -803,10 +803,13 @@ PHPDBG_COMMAND(run) /* {{{ */ if (param && param->type != EMPTY_PARAM && param->len != 0) { char **argv = emalloc(5 * sizeof(char *)); char *end = param->str + param->len, *p = param->str; + char last_byte; int argc = 0; int i; while (*end == '\r' || *end == '\n') *(end--) = 0; + last_byte = end[1]; + end[1] = 0; while (*p == ' ') p++; while (*p) { @@ -870,6 +873,7 @@ free_cmd: efree(argv[i]); } efree(argv); + end[1] = last_byte; return SUCCESS; } @@ -880,6 +884,8 @@ free_cmd: do p++; while (*p == ' '); } } + end[1] = last_byte; + argv[0] = SG(request_info).argv[0]; for (i = SG(request_info).argc; --i;) { efree(SG(request_info).argv[i]); diff --git a/sapi/phpdbg/tests/bug73794.phpt b/sapi/phpdbg/tests/bug73794.phpt new file mode 100644 index 0000000000..8d5ba234c7 --- /dev/null +++ b/sapi/phpdbg/tests/bug73794.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #73794 (Crash (out of memory) when using run and # command separator) +--PHPDBG-- +r echo # quit +--EXPECTF-- +[Successful compilation of %s] +prompt> echo +--FILE-- +<?php +echo $argv[1]; +?> |