Fix bug #68095 - invalid read in php_getopt()

It's a hacky solution and incomplete, but I don't see other way without refactoring the whole getopt protocol.
2024-11-23 09:54:15 +08:00 · 2014-10-27 19:04:46 -07:00 · 2014-10-27 19:04:46 -07:00 · deadeeae1d
commit deadeeae1d
parent 88527e4569
2 changed files with 10 additions and 0 deletions
--- a/2
+++ b/2
@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? 2014, PHP 5.5.19

 - Core:
+  . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in 
+    php_getopt()). (Stas)
  . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
  . Fixed bug #68129 (parse_url() - incomplete support for empty usernames
    and passwords) (Tjerk)
--- a/main/getopt.c
+++ b/main/getopt.c
@ -59,9 +59,17 @@ PHPAPI int php_getopt(int argc, char* const *argv, const opt_struct opts[], char
 {
 	static int optchr = 0;
 	static int dash = 0; /* have already seen the - */
+	static char **prev_optarg = NULL;

 	php_optidx = -1;

+	if(prev_optarg && prev_optarg != optarg) {
+		/* reset the state */
+		optchr = 0;
+		dash = 0;
+	}
+	prev_optarg = optarg;
+
 	if (*optind >= argc) {
 		return(EOF);
 	}