- Fix #55295, check if malloc failed

Author: pierrejoye

NEWS

@@ -10,6 +10,10 @@ PHP                                                                        NEWS
   . On blocking SSL sockets respect the timeout option where possible.
     (Scott)
 
+- Core
+  . Fix bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow
+    (Pierre)
+
 14 Jul 2011, PHP 5.3.7 RC3
 - Zend Engine:
   . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even

TSRM/tsrm_win32.c

@@ -532,6 +532,10 @@ TSRM_API FILE *popen_ex(const char *command, const char *type, const char *cwd,
 	}
 
 	cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c ")+2);
+	if (!cmd) {
+		return NULL;
+	}
+
 	sprintf(cmd, "%s /c \"%s\"", TWG(comspec), command);
 	if (asuser) {
 		res = CreateProcessAsUser(token_user, NULL, cmd, &security, &security, security.bInheritHandle, dwCreateFlags, env, cwd, &startup, &process);