author | Thies C. Arntzen <thies@php.net> | 2000-11-13 17:30:52 +0000 |
---|---|---|
committer | Thies C. Arntzen <thies@php.net> | 2000-11-13 17:30:52 +0000 |
commit | db65d0e07601de6edcaef50a9b9d0630f04f8405 (patch) | |
tree | a847c1122f9908ce59e18c45c0a8a0437db98e73 | |
parent | 4004ef6f25caca75d243e70e03418101f23fe2c1 (diff) | |
@- Fixed column-title buffer-overflow in OCIFetchStatement(). (Thies)
fix #7784
-rw-r--r-- | ext/oci8/oci8.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c
index 25ffac677d..d01bd50173 100644
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@@ -3461,7 +3461,7 @@ PHP_FUNCTION(ocifetchstatement)
 int i;
 int mode = OCI_NUM;
 int rows = 0;
- char namebuf[ 128 ];
+ char *namebuf;
 int ac = ZEND_NUM_ARGS();
 if (ac < 2 || ac > 3 || zend_get_parameters_ex(ac, &stmt, &array, &fmode) == FAILURE) {
@@ -3489,10 +3489,10 @@ PHP_FUNCTION(ocifetchstatement)
 MAKE_STD_ZVAL(tmp);
 array_init(tmp);
- memcpy(namebuf,columns[ i ]->name, columns[ i ]->name_len);
- namebuf[ columns[ i ]->name_len ] = 0;
+ namebuf = estrndup(columns[ i ]->name,columns[ i ]->name_len);
 zend_hash_update((*array)->value.ht, namebuf, columns[ i ]->name_len+1, (void *) &tmp, sizeof(zval*), (void **) &(outarrs[ i ]));
+ efree(namebuf);
 }
 while (oci_fetch(statement, nrows, "OCIFetchStatement")) { |
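Review bot: The `efree(namebuf);` added right after `zend_hash_update()` in the second hunk is only safe if the hash table keeps its own copy of the key, and nothing in the hunk says so; a one-line comment such as `/* zend_hash_update() copies the key, so the NUL-terminated temp can be freed here */` would record that assumption. The same comment could note that the `name_len+1` key length counts the terminator that `estrndup()` appends, since that is what ties the allocation size to the length passed to the hash. Sizing the copy from `name_len` removes the dependence on the old 128-byte stack array, but the hunk does not show where `name_len` is set, so its type and upper bound should be confirmed at the describe call. A regression test that fetches a statement whose column title exceeds the old buffer size would keep the fix for #7784 from silently regressing. The loop body and the rest of `PHP_FUNCTION(ocifetchstatement)` lie outside both hunks.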