Fix NULL arithmetic during system program execution

For the first child process execution, `TWG(process)` is `NULL`; we need to catch that to avoid undefined behavior. Closes GH-17470.
php · Jan 15, 2025 · 022a5fc · 022a5fc
1 parent e4473ab
commit 022a5fc
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/NEWS b/NEWS
@@ -9,6 +9,8 @@ PHP                                                                        NEWS
     (nielsdos)
   . Fixed bug GH-17214 (Relax final+private warning for trait methods with
     inherited final). (ilutov)
+  . Fixed NULL arithmetic during system program execution on Windows. (cmb,
+    nielsdos)
 
 - Enchant:
   . Fix crashes in enchant when passing null bytes. (nielsdos)

diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c
@@ -374,14 +374,16 @@ static process_pair *process_get(FILE *stream)
 	process_pair *ptr;
 	process_pair *newptr;
 
-	for (ptr = TWG(process); ptr < (TWG(process) + TWG(process_size)); ptr++) {
-		if (ptr->stream == stream) {
-			break;
+	if (TWG(process) != NULL) {
+		for (ptr = TWG(process); ptr < (TWG(process) + TWG(process_size)); ptr++) {
+			if (ptr->stream == stream) {
+				break;
+			}
 		}
-	}
 
-	if (ptr < (TWG(process) + TWG(process_size))) {
-		return ptr;
+		if (ptr < (TWG(process) + TWG(process_size))) {
+			return ptr;
+		}
 	}
 
 	newptr = (process_pair*)realloc((void*)TWG(process), (TWG(process_size)+1)*sizeof(process_pair));