mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error)
There is a lot of call such as: pdo_pgsql_error(dbh, PGRES_FATAL_ERROR, "Copy command failed"); Where the 3rd paramater is a error message string where a sqlstate (5 chars) is expected. This cause a segfault in copy_from.phpt and copy_to.phpt. This is only a sanity check to avoid buffer overflow, but obviously this calls need to be fixed (using NULL or a correct sqlstate).
This commit is contained in:
parent
13e5c97ffd
commit
1c623e3b07
3
NEWS
3
NEWS
@ -2,6 +2,9 @@ PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
?? ??? 2013, PHP 5.3.27
|
||||
|
||||
- PDO_pgsql:
|
||||
. Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)
|
||||
|
||||
?? ??? 2013, PHP 5.3.26
|
||||
|
||||
### DO NOT ADD ENTRIES HERE, ADD THEM ABOVE FOR 5.3.27 ###
|
||||
|
@ -76,7 +76,7 @@ int _pdo_pgsql_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, int errcode, const char *
|
||||
einfo->errmsg = NULL;
|
||||
}
|
||||
|
||||
if (sqlstate == NULL) {
|
||||
if (sqlstate == NULL || strlen(sqlstate) >= sizeof(pdo_error_type)) {
|
||||
strcpy(*pdo_err, "HY000");
|
||||
}
|
||||
else {
|
||||
|
Loading…
Reference in New Issue
Block a user