From:             runekl at opoint dot com
Operating system: All
PHP version:      5CVS-2003-12-13 (dev)
PHP Bug Type:     *General Issues
Bug description:  exec crash on long input lines

Description:
------------
If the command run by exec outputs a line that is 2*EXEC_INPUT_BUF longer than the previous line, a segfault may occur.

It is not difficult to see why this happens just by reading the source code. In exec.c, line 118 reads

    if (buflen < (bufl + EXEC_INPUT_BUF)) {

This condition is correct only the first time, e.g. when b=buf. I think the line should be

    if (buflen < (bufl + (b - buf) + EXEC_INPUT_BUF)) {

Reproduce code:
---------------
#!/usr/local/bin/php
<?php
$out = array();
$status = -1;
exec('/usr/bin/seq 5000 | tr \'\n\' \' \'', $out, $status);
print_r($out);
?>

Expected result:
----------------
Numbers from 1 to 5000 separated by blanks on one line.

Actual result:
--------------
segfault

-- 
Edit bug report at http://bugs.php.net/?id=26615&edit=1
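
The difference between the two conditions quoted in the report, as an added example that is not part of the original report and is not PHP's exec.c. It is a simplified, hypothetical model of a reader that appends fgets-style chunks at offset b - buf; the function name max_overrun, the EXEC_INPUT_BUF value of 4096 and the sample lengths are assumptions, and only offsets are tracked, no memory is written.

```c
#include <stdio.h>
#include <stddef.h>

#define EXEC_INPUT_BUF 4096  /* assumed chunk size for this model */

/* Hypothetical model, not PHP's exec.c: walk one output line of line_len
 * bytes through a chunked reader and return the largest number of bytes
 * any single read would place past the end of the allocation. */
static size_t max_overrun(size_t line_len, int fixed_check)
{
    size_t buflen = EXEC_INPUT_BUF;  /* bytes allocated at buf */
    size_t off = 0;                  /* b - buf: where the next chunk lands */
    size_t remaining = line_len;
    size_t worst = 0;

    for (;;) {
        /* One read stores up to EXEC_INPUT_BUF-1 bytes plus a NUL at buf+off. */
        size_t bufl = remaining < EXEC_INPUT_BUF - 1 ? remaining
                                                     : EXEC_INPUT_BUF - 1;
        size_t end = off + bufl + 1;
        if (end > buflen && end - buflen > worst)
            worst = end - buflen;
        remaining -= bufl;
        if (remaining == 0)
            return worst;            /* line complete */

        /* Line continues: decide whether to grow before the next read. */
        size_t needed = fixed_check
            ? bufl + off + EXEC_INPUT_BUF   /* condition proposed in the report */
            : bufl + EXEC_INPUT_BUF;        /* condition quoted from line 118 */
        off += bufl;
        if (buflen < needed)
            buflen = off + EXEC_INPUT_BUF;  /* models the realloc */
    }
}

int main(void)
{
    /* Constructed lengths; 23893 is the byte count of the numbers 1..5000
     * each followed by one blank, as the reproduce script emits. */
    size_t lens[] = { 4095, 8190, 8191, 23893 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%5zu  line-118 check: %5zu past end  proposed check: %zu\n",
               lens[i], max_overrun(lens[i], 0), max_overrun(lens[i], 1));
    return 0;
}
```

In this model the quoted condition grows the buffer once and then never again, because it ignores how far b has advanced, while the proposed condition keeps the allocation at least EXEC_INPUT_BUF bytes ahead of b.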