Fix bug #68095 - invalid read in php_getopt()

It's a hacky solution and incomplete, but I don't see other way without refactoring the whole getopt protocol.
author: Stanislav Malyshev <stas@php.net> 2014-10-27 19:04:46 -0700
committer: Stanislav Malyshev <stas@php.net> 2014-10-27 19:06:44 -0700
commit: deadeeae1d08877021eb2796aa6790baa74361ed (patch)
tree: 727f0bde1a44a787124be5824b58a1b1f5626e37
parent: 88527e456951d13a681fbef65984bc3c4907fded (diff)
download: php-git-deadeeae1d08877021eb2796aa6790baa74361ed.tar.gz
2 files changed, 10 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c7fd7afe4a..15a2951377 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? 2014, PHP 5.5.19
 
 - Core:
+  . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in 
+    php_getopt()). (Stas)
   . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
   . Fixed bug #68129 (parse_url() - incomplete support for empty usernames
     and passwords) (Tjerk)
diff --git a/main/getopt.c b/main/getopt.c
index a31a6c75d5..258173fc22 100644
--- a/main/getopt.c
+++ b/main/getopt.c
@@ -59,9 +59,17 @@ PHPAPI int php_getopt(int argc, char* const *argv, const opt_struct opts[], char
 {
 	static int optchr = 0;
 	static int dash = 0; /* have already seen the - */
+	static char **prev_optarg = NULL;
 
 	php_optidx = -1;
 
+	if(prev_optarg && prev_optarg != optarg) {
+		/* reset the state */
+		optchr = 0;
+		dash = 0;
+	}
+	prev_optarg = optarg;
+
 	if (*optind >= argc) {
 		return(EOF);
 	}
author	Stanislav Malyshev <stas@php.net>	2014-10-27 19:04:46 -0700
committer	Stanislav Malyshev <stas@php.net>	2014-10-27 19:06:44 -0700
commit	deadeeae1d08877021eb2796aa6790baa74361ed (patch)
tree	727f0bde1a44a787124be5824b58a1b1f5626e37
parent	88527e456951d13a681fbef65984bc3c4907fded (diff)
download	php-git-deadeeae1d08877021eb2796aa6790baa74361ed.tar.gz