author | Adam Baratz <adambaratz@php.net> | 2018-11-26 10:36:18 -0500 |
---|---|---|
committer | Adam Baratz <adambaratz@php.net> | 2018-11-26 10:36:18 -0500 |
commit | a22d2850d4b45c7729a8df4a55a16dff61df04d2 (patch) | |
tree | a2dcfc3aa35667b42f67e4743d7a4de1f2c41445 /ext/pdo | |
parent | 07d6dfbfe40848173ab2136d9c9eba862dc9fca0 (diff) | |
parent | e126ca1557d7169263d2639802985c9e47c2ac19 (diff) | |
download | php-git-a22d2850d4b45c7729a8df4a55a16dff61df04d2.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Check column number before trying to fetch the value
Diffstat (limited to 'ext/pdo')
-rw-r--r-- | ext/pdo/pdo_stmt.c | 7 | ||||
-rw-r--r-- | ext/pdo/tests/pdo_038.phpt | 45 |
2 files changed, 52 insertions, 0 deletions
diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c
index 689f552fc9..a28f1c3666 100644
--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -530,6 +530,13 @@ static inline void fetch_value(pdo_stmt_t *stmt, zval *dest, int colno, int *typ
 int caller_frees = 0;
 int type, new_type;
 
+ if (colno < 0 || colno >= stmt->column_count) {
+ pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "Invalid column index");
+ ZVAL_FALSE(dest);
+
+ return;
+ }
+
 col = &stmt->columns[colno];
 type = PDO_PARAM_TYPE(col->param_type);
 new_type = type_override ? (int)PDO_PARAM_TYPE(*type_override) : type;
diff --git a/ext/pdo/tests/pdo_038.phpt b/ext/pdo/tests/pdo_038.phpt
new file mode 100644
index 0000000000..5a8b2ab63e
--- /dev/null
+++ b/ext/pdo/tests/pdo_038.phpt
@@ -0,0 +1,45 @@
+--TEST--
+PDOStatement::fetchColumn() invalid column index
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded('pdo')) die('skip');
+$dir = getenv('REDIR_TEST_DIR');
+if (false == $dir) die('skip no driver');
+require_once $dir . 'pdo_test.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+if (getenv('REDIR_TEST_DIR') === false) putenv('REDIR_TEST_DIR='.dirname(__FILE__) . '/../../pdo/tests/');
+require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
+
+function fetchColumn($stmt, $index) {
+ $stmt->execute();
+ return $stmt->fetchColumn($index);
+}
+
+$conn = PDOTest::factory();
+$query = 'SELECT 1';
+
+switch ($conn->getAttribute(PDO::ATTR_DRIVER_NAME)) {
+ case 'oci':
+ $query .= ' FROM DUAL';
+ break;
+ case 'firebird':
+ $query .= ' FROM RDB$DATABASE';
+ break;
+}
+
+$stmt = $conn->prepare($query);
+
+var_dump(fetchColumn($stmt, -1));
+var_dump(fetchColumn($stmt, 0));
+var_dump(fetchColumn($stmt, 1));
+?>
+--EXPECTF--
+Warning: PDOStatement::fetchColumn(): SQLSTATE[HY000]: General error: Invalid column index in %s
+bool(false)
+string(1) "1"
+
+Warning: PDOStatement::fetchColumn(): SQLSTATE[HY000]: General error: Invalid column index in %s
+bool(false)
|
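Review bot: The new guard at the top of fetch_value() in ext/pdo/pdo_stmt.c carries no comment explaining why the range check sits at the point of use rather than in the callers. The added test shows colno can come straight from the userland argument to PDOStatement::fetchColumn(), and without the check the next line indexes `stmt->columns[colno]` out of bounds. I would add `/* colno may be caller-supplied (e.g. fetchColumn()); reject it before indexing stmt->columns */` above the `if`. Because the function returns void and reports failure only by writing FALSE to dest, a caller cannot tell a rejected index from a column that legitimately holds false; whether any caller needs that distinction is not visible here, as the function body continues past the hunk.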
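Review bot: The cases in ext/pdo/tests/pdo_038.phpt cover only -1, 0 and 1, so both edges of a one-column result are exercised but no index far outside the C `int` range is. fetch_value() takes colno as `int`; if the method hands a wider PHP integer to it without its own range check (the call site is not part of this diff), a very large value could be narrowed to an in-range index instead of being rejected. Adding `var_dump(fetchColumn($stmt, PHP_INT_MAX));` with the same warning and `bool(false)` in EXPECTF would pin that behaviour down, and a short comment above the three `var_dump` lines saying which boundary each one probes would help the next reader.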