diff options
| author | Kalle Sommer Nielsen <kalle@php.net> | 2010-08-18 20:16:05 +0000 |
|---|---|---|
| committer | Kalle Sommer Nielsen <kalle@php.net> | 2010-08-18 20:16:05 +0000 |
| commit | e92ebce7f8fb6e581f0676e5d2f1cb521a626a2d (patch) | |
| tree | 1b8724e1449a51942e669c037221aea6115c51c7 | |
| parent | c2c3467ab46d7da8a28ef01c17e4c0877100ac8b (diff) | |
| download | php-git-e92ebce7f8fb6e581f0676e5d2f1cb521a626a2d.tar.gz | |
Fixed possible crash in php_mssql_get_column_content_without_type()
# Also fix NEWS entry in PHP_5_2 for previous commit
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/mssql/php_mssql.c | 8 |
2 files changed, 10 insertions, 0 deletions
@@ -11,6 +11,8 @@ (Kalle) - Changed the $context parameter on copy() to actually have an effect. (Kalle) +- Fixed possible crash in php_mssql_get_column_content_without_type(). (Kalle) + - Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). (Kalle, rein at basefarm dot no) - Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey) diff --git a/ext/mssql/php_mssql.c b/ext/mssql/php_mssql.c index aaee1d2789..17e698cead 100644 --- a/ext/mssql/php_mssql.c +++ b/ext/mssql/php_mssql.c @@ -1059,6 +1059,14 @@ static void php_mssql_get_column_content_without_type(mssql_link *mssql_ptr,int unsigned char *res_buf; int res_length = dbdatlen(mssql_ptr->link, offset); + if (res_length == 0) { + ZVAL_NULL(result); + return; + } else if (res_length < 0) { + ZVAL_FALSE(result); + return; + } + res_buf = (unsigned char *) emalloc(res_length+1); bin = ((DBBINARY *)dbdata(mssql_ptr->link, offset)); res_buf[res_length] = '\0'; |