diff options
| author | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-03 15:26:02 +0900 |
|---|---|---|
| committer | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-03 15:26:02 +0900 |
| commit | f8a8ccaba2b6c025b686fab60c6e4a1601d81e62 (patch) | |
| tree | bdf10f210da5564e8bb3beb18f23f44a91a30760 /ext/pgsql/pgsql.c | |
| parent | b41a6c6f055e87d87b42bfd87fbad14a23134e4e (diff) | |
| download | php-git-f8a8ccaba2b6c025b686fab60c6e4a1601d81e62.tar.gz | |
Fixed Bug #65199 pg_copy_from() modifies input array variable
Diffstat (limited to 'ext/pgsql/pgsql.c')
| -rw-r--r-- | ext/pgsql/pgsql.c | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 426de41ae9..33e65767cf 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -4059,18 +4059,26 @@ PHP_FUNCTION(pg_copy_from) zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(pg_rows), &pos); #if HAVE_PQPUTCOPYDATA while (zend_hash_get_current_data_ex(Z_ARRVAL_P(pg_rows), (void **) &tmp, &pos) == SUCCESS) { - convert_to_string_ex(tmp); - query = (char *)emalloc(Z_STRLEN_PP(tmp) + 2); - strlcpy(query, Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp) + 2); - if(Z_STRLEN_PP(tmp) > 0 && *(query + Z_STRLEN_PP(tmp) - 1) != '\n') { - strlcat(query, "\n", Z_STRLEN_PP(tmp) + 2); + zval *value; + ALLOC_ZVAL(value); + INIT_PZVAL_COPY(value, *tmp); + zval_copy_ctor(value); + convert_to_string_ex(&value); + query = (char *)emalloc(Z_STRLEN_P(value) + 2); + strlcpy(query, Z_STRVAL_P(value), Z_STRLEN_P(value) + 2); + if(Z_STRLEN_P(value) > 0 && *(query + Z_STRLEN_P(value) - 1) != '\n') { + strlcat(query, "\n", Z_STRLEN_P(value) + 2); } if (PQputCopyData(pgsql, query, strlen(query)) != 1) { efree(query); + zval_dtor(value); + efree(value); PHP_PQ_ERROR("copy failed: %s", pgsql); RETURN_FALSE; } efree(query); + zval_dtor(value); + efree(value); zend_hash_move_forward_ex(Z_ARRVAL_P(pg_rows), &pos); } if (PQputCopyEnd(pgsql, NULL) != 1) { @@ -4079,18 +4087,26 @@ PHP_FUNCTION(pg_copy_from) } #else while (zend_hash_get_current_data_ex(Z_ARRVAL_P(pg_rows), (void **) &tmp, &pos) == SUCCESS) { - convert_to_string_ex(tmp); - query = (char *)emalloc(Z_STRLEN_PP(tmp) + 2); - strlcpy(query, Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp) + 2); - if(Z_STRLEN_PP(tmp) > 0 && *(query + Z_STRLEN_PP(tmp) - 1) != '\n') { - strlcat(query, "\n", Z_STRLEN_PP(tmp) + 2); + zval *value; + ALLOC_ZVAL(value); + INIT_PZVAL_COPY(value, *tmp); + zval_copy_ctor(value); + convert_to_string_ex(&value); + query = (char *)emalloc(Z_STRLEN_P(value) + 2); + strlcpy(query, Z_STRVAL_P(value), Z_STRLEN_P(value) + 2); + if(Z_STRLEN_P(value) > 0 && *(query + Z_STRLEN_P(value) - 1) != '\n') { + strlcat(query, "\n", Z_STRLEN_P(value) + 2); } if (PQputline(pgsql, query)==EOF) { efree(query); + zval_dtor(value); + efree(value); PHP_PQ_ERROR("copy failed: %s", pgsql); RETURN_FALSE; } efree(query); + zval_dtor(value); + efree(value); zend_hash_move_forward_ex(Z_ARRVAL_P(pg_rows), &pos); } if (PQputline(pgsql, "\\.\n") == EOF) { |