Merge branch 'PHP-7.2'

* PHP-7.2: Fix heap use after free
author: Anatol Belski <ab@php.net> 2018-03-12 21:03:36 +0100
committer: Anatol Belski <ab@php.net> 2018-03-12 21:03:36 +0100
commit: a1a33615525f213bb727d606a590d7ce3a669f63 (patch)
tree: a463a30165163a1c43548585e9dd4dd6c07b96df /ext/pdo_pgsql/pgsql_statement.c
parent: 08755e6b8915cc5040d3b5237f2ffc0de539148c (diff)
parent: c469213e7b0e854be929ef108312e1ae2359d14b (diff)
download: php-git-a1a33615525f213bb727d606a590d7ce3a669f63.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c
index 2321d20576..804fcd4bd6 100644
--- a/ext/pdo_pgsql/pgsql_statement.c
+++ b/ext/pdo_pgsql/pgsql_statement.c
@@ -618,11 +618,13 @@ static zend_always_inline char * pdo_pgsql_translate_oid_to_table(Oid oid, PGcon
 	}
 	efree(querystr);
 
-	if ((table_name = PQgetvalue(tmp_res, 0, 0)) == NULL) {
+	if (1 == PQgetisnull(tmp_res, 0, 0) || (table_name = PQgetvalue(tmp_res, 0, 0)) == NULL) {
 		PQclear(tmp_res);
 		return 0;
 	}
 
+	table_name = estrdup(table_name);
+
 	PQclear(tmp_res);
 	return table_name;
 }
@@ -652,6 +654,7 @@ static int pgsql_stmt_get_column_meta(pdo_stmt_t *stmt, zend_long colno, zval *r
 	table_name = pdo_pgsql_translate_oid_to_table(table_oid, S->H->server);
 	if (table_name) {
 		add_assoc_string(return_value, "table", table_name);
+		efree(table_name);
 	}
 
 	switch (S->cols[colno].pgsql_type) {
author	Anatol Belski <ab@php.net>	2018-03-12 21:03:36 +0100
committer	Anatol Belski <ab@php.net>	2018-03-12 21:03:36 +0100
commit	a1a33615525f213bb727d606a590d7ce3a669f63 (patch)
tree	a463a30165163a1c43548585e9dd4dd6c07b96df /ext/pdo_pgsql/pgsql_statement.c
parent	08755e6b8915cc5040d3b5237f2ffc0de539148c (diff)
parent	c469213e7b0e854be929ef108312e1ae2359d14b (diff)
download	php-git-a1a33615525f213bb727d606a590d7ce3a669f63.tar.gz