clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound)

Browse Source
This commit is contained in:
Xinchen Hui 2016-05-11 11:12:27 +08:00
parent c35bd4861d
commit 66ad4fc393
3 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -2,6 +2,10 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2016 PHP 7.0.8
- PDO_pgsql:
. Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
(Laruence)
26 May 2016 PHP 7.0.7

6
ext/pdo_pgsql/pgsql_statement.c
View File

@ -288,6 +288,10 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data *
break;
case PDO_PARAM_EVT_ALLOC:
if (!zend_hash_index_exists(stmt->bound_param_map, param->paramno)) {
pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "parameter was not defined");
return 0;
}
case PDO_PARAM_EVT_EXEC_POST:
case PDO_PARAM_EVT_FETCH_PRE:
case PDO_PARAM_EVT_FETCH_POST:
@ -315,10 +319,12 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data *
if (param->paramno >= 0) {
zval *parameter;
/*
if (param->paramno >= zend_hash_num_elements(stmt->bound_params)) {
pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "parameter was not defined");
return 0;
}
*/
if (Z_ISREF(param->parameter)) {
parameter = Z_REFVAL(param->parameter);

21
ext/pdo_pgsql/tests/bug71573.phpt Normal file
View File

@ -0,0 +1,21 @@
--TEST--
Bug #71573 (Segfault (core dumped) if paramno beyond bound)
--SKIPIF--
<?php
if (!extension_loaded('pdo') || !extension_loaded('pdo_pgsql')) die('skip not loaded');
require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
require_once dirname(__FILE__) . '/config.inc';
PDOTest::skip();
?>
--FILE--
<?php
require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
require_once dirname(__FILE__) . '/config.inc';
$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
$statement = $db->prepare('select ?');
$statement->execute([ 'test', 'test', 'test' ]);
?>
--EXPECTF--
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in %sbug71573.php on line %d