diff options
author | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-03 15:26:02 +0900 |
---|---|---|
committer | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-03 15:26:02 +0900 |
commit | f8a8ccaba2b6c025b686fab60c6e4a1601d81e62 (patch) | |
tree | bdf10f210da5564e8bb3beb18f23f44a91a30760 | |
parent | b41a6c6f055e87d87b42bfd87fbad14a23134e4e (diff) | |
download | php-git-f8a8ccaba2b6c025b686fab60c6e4a1601d81e62.tar.gz |
Fixed Bug #65199 pg_copy_from() modifies input array variable
-rw-r--r-- | ext/pgsql/pgsql.c | 36 | ||||
-rw-r--r-- | ext/pgsql/tests/bug65119.phpt | 40 |
2 files changed, 66 insertions, 10 deletions
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 426de41ae9..33e65767cf 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -4059,18 +4059,26 @@ PHP_FUNCTION(pg_copy_from) zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(pg_rows), &pos); #if HAVE_PQPUTCOPYDATA while (zend_hash_get_current_data_ex(Z_ARRVAL_P(pg_rows), (void **) &tmp, &pos) == SUCCESS) { - convert_to_string_ex(tmp); - query = (char *)emalloc(Z_STRLEN_PP(tmp) + 2); - strlcpy(query, Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp) + 2); - if(Z_STRLEN_PP(tmp) > 0 && *(query + Z_STRLEN_PP(tmp) - 1) != '\n') { - strlcat(query, "\n", Z_STRLEN_PP(tmp) + 2); + zval *value; + ALLOC_ZVAL(value); + INIT_PZVAL_COPY(value, *tmp); + zval_copy_ctor(value); + convert_to_string_ex(&value); + query = (char *)emalloc(Z_STRLEN_P(value) + 2); + strlcpy(query, Z_STRVAL_P(value), Z_STRLEN_P(value) + 2); + if(Z_STRLEN_P(value) > 0 && *(query + Z_STRLEN_P(value) - 1) != '\n') { + strlcat(query, "\n", Z_STRLEN_P(value) + 2); } if (PQputCopyData(pgsql, query, strlen(query)) != 1) { efree(query); + zval_dtor(value); + efree(value); PHP_PQ_ERROR("copy failed: %s", pgsql); RETURN_FALSE; } efree(query); + zval_dtor(value); + efree(value); zend_hash_move_forward_ex(Z_ARRVAL_P(pg_rows), &pos); } if (PQputCopyEnd(pgsql, NULL) != 1) { @@ -4079,18 +4087,26 @@ PHP_FUNCTION(pg_copy_from) } #else while (zend_hash_get_current_data_ex(Z_ARRVAL_P(pg_rows), (void **) &tmp, &pos) == SUCCESS) { - convert_to_string_ex(tmp); - query = (char *)emalloc(Z_STRLEN_PP(tmp) + 2); - strlcpy(query, Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp) + 2); - if(Z_STRLEN_PP(tmp) > 0 && *(query + Z_STRLEN_PP(tmp) - 1) != '\n') { - strlcat(query, "\n", Z_STRLEN_PP(tmp) + 2); + zval *value; + ALLOC_ZVAL(value); + INIT_PZVAL_COPY(value, *tmp); + zval_copy_ctor(value); + convert_to_string_ex(&value); + query = (char *)emalloc(Z_STRLEN_P(value) + 2); + strlcpy(query, Z_STRVAL_P(value), Z_STRLEN_P(value) + 2); + if(Z_STRLEN_P(value) > 0 && *(query + Z_STRLEN_P(value) - 1) != '\n') { + strlcat(query, "\n", Z_STRLEN_P(value) + 2); } if (PQputline(pgsql, query)==EOF) { efree(query); + zval_dtor(value); + efree(value); PHP_PQ_ERROR("copy failed: %s", pgsql); RETURN_FALSE; } efree(query); + zval_dtor(value); + efree(value); zend_hash_move_forward_ex(Z_ARRVAL_P(pg_rows), &pos); } if (PQputline(pgsql, "\\.\n") == EOF) { diff --git a/ext/pgsql/tests/bug65119.phpt b/ext/pgsql/tests/bug65119.phpt new file mode 100644 index 0000000000..c02ff28f06 --- /dev/null +++ b/ext/pgsql/tests/bug65119.phpt @@ -0,0 +1,40 @@ +--TEST-- +Bug #65119 (pg_copy_from() modifies input array variable) +--SKIPIF-- +<?php +include("skipif.inc"); +?> +--FILE-- +<?php +include 'config.inc'; + +function test(Array $values, $conn_str) { + $connection = pg_pconnect($conn_str, PGSQL_CONNECT_FORCE_NEW); + pg_query("begin"); + pg_query("CREATE TABLE bug65119 (i INTEGER)"); + pg_copy_from($connection, "bug65119", $values, "\t", "NULL"); + pg_query("rollback"); +} + +$values = Array(1,2,3); +var_dump($values); +test($values, $conn_str); +var_dump($values); +?> +--EXPECT-- +array(3) { + [0]=> + int(1) + [1]=> + int(2) + [2]=> + int(3) +} +array(3) { + [0]=> + int(1) + [1]=> + int(2) + [2]=> + int(3) +} |