Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec)

author: Xinchen Hui <laruence@php.net> 2012-10-09 13:13:51 +0800
committer: Xinchen Hui <laruence@php.net> 2012-10-09 13:13:51 +0800
commit: 45e0d452c5c369f0141fde780a6cbdd35d8f55b4 (patch)
tree: 58b864071024f51e9b7e00f7090476c409778e0d
parent: 5d9fb8ffeb58d51c44f8a4b9f6b2eaabe271ce82 (diff)
download: php-git-45e0d452c5c369f0141fde780a6cbdd35d8f55b4.tar.gz
2 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 0417dcb47d..46c9bf4909 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2012, PHP 5.3.19
 
+- PDO:
+  . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
+    (Martin Osvald, Remi)
+
 ?? ??? 2012, PHP 5.3.18
 
 (NOTE: Add your entries above for 5.3.19, entries for 5.3.18 should only
diff --git a/ext/pdo_odbc/odbc_driver.c b/ext/pdo_odbc/odbc_driver.c
index 84a147b80c..ca2808c6f5 100755
--- a/ext/pdo_odbc/odbc_driver.c
+++ b/ext/pdo_odbc/odbc_driver.c
@@ -114,7 +114,7 @@ void pdo_odbc_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, PDO_ODBC_HSTMT statement,
 	 * diagnostic records (which can be generated by PRINT statements
 	 * in the query, for instance). */
 	while (rc == SQL_SUCCESS || rc == SQL_SUCCESS_WITH_INFO) {
-		char discard_state[5];
+		char discard_state[6];
 		char discard_buf[1024];
 		SQLINTEGER code;
 		rc = SQLGetDiagRec(htype, eh, recno++, discard_state, &code,
author	Xinchen Hui <laruence@php.net>	2012-10-09 13:13:51 +0800
committer	Xinchen Hui <laruence@php.net>	2012-10-09 13:13:51 +0800
commit	45e0d452c5c369f0141fde780a6cbdd35d8f55b4 (patch)
tree	58b864071024f51e9b7e00f7090476c409778e0d
parent	5d9fb8ffeb58d51c44f8a4b9f6b2eaabe271ce82 (diff)
download	php-git-45e0d452c5c369f0141fde780a6cbdd35d8f55b4.tar.gz