Fix bug #71005 (Segfault in php_cli_server_dispatch_router()).

LawnGnome · LawnGnome · commit 91bad929aa0d · 2015-12-01T03:09:36.000Z
We didn't initialise the retval variable in
php_cli_server_dispatch_router(); let's now initialise it to be
IS_UNDEF, as the following if condition expects.
diff --git a/NEWS b/NEWS
@@ -24,6 +24,9 @@ PHP                                                                        NEWS
   . Fixed exception not being thrown immediately into a generator yielding
     from an array. (Bob)
 
+- CLI server:
+  . Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()). (Adam)
+
 - Mysqlnd:
   . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
     (Laruence)
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
@@ -2050,6 +2050,8 @@ static int php_cli_server_dispatch_router(php_cli_server *server, php_cli_server
 
 	zend_try {
 		zval retval;
+
+		ZVAL_UNDEF(&retval);
 		if (SUCCESS == zend_execute_scripts(ZEND_REQUIRE, &retval, 1, &zfd)) {
 			if (Z_TYPE(retval) != IS_UNDEF) {
 				decline = Z_TYPE(retval) == IS_FALSE;
diff --git a/sapi/cli/tests/bug71005.phpt b/sapi/cli/tests/bug71005.phpt
@@ -0,0 +1,46 @@
+--TEST--
+Bug #71005 (Segfault in php_cli_server_dispatch_router())
+--SKIPIF--
+<?php
+include "skipif.inc"; 
+?>
+--FILE--
+<?php
+
+$code = <<<'EOF'
+set_exception_handler(function () { echo 'goodbye'; });
+throw new Exception;
+EOF;
+
+include "php_cli_server.inc";
+php_cli_server_start($code);
+
+list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS);
+$port = intval($port) ?: 80;
+
+$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
+if (!$fp) {
+  die("connect failed");
+}
+
+if(fwrite($fp, <<<HEADER
+GET / HTTP/1.1
+Host: {$host}
+
+
+HEADER
+)) {
+	while (!feof($fp)) {
+		echo fgets($fp);
+	}
+}
+
+?>
+--EXPECTF--	
+HTTP/1.1 200 OK
+Host: %s
+Connection: close
+X-Powered-By: PHP/%s
+Content-type: text/html; charset=UTF-8
+
+goodbye
