Fix bug 68298 (PHP OCI8 OCI int overflow) (Senthil)
authorChristopher Jones <christopher.jones@oracle.com>
Fri, 6 Nov 2015 14:56:50 +0000 (01:56 +1100)
committerChristopher Jones <christopher.jones@oracle.com>
Fri, 6 Nov 2015 14:56:50 +0000 (01:56 +1100)
ext/oci8/oci8_statement.c
ext/oci8/tests/bug68298.phpt [new file with mode: 0644]

index 4d18a916d8f959241711a8153f701224dbf91361..ad30a653774f9a2f9ddd826a1bc776937257ad90 100644 (file)
@@ -1139,15 +1139,22 @@ int php_oci_bind_by_name(php_oci_statement *statement, char *name, int name_len,
                        
                case SQLT_INT:
                case SQLT_NUM:
+               {
                        if (Z_TYPE_P(var) == IS_RESOURCE || Z_TYPE_P(var) == IS_OBJECT) {
                                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid variable used for bind");
                                return 1;
                        }
                        convert_to_long(var);
+#if defined(OCI_MAJOR_VERSION) && OCI_MAJOR_VERSION > 10
+                       bind_data = (ub8 *)&Z_LVAL_P(var);
+                       value_sz = sizeof(ub8);
+#else
                        bind_data = (ub4 *)&Z_LVAL_P(var);
                        value_sz = sizeof(ub4);
+#endif
                        mode = OCI_DEFAULT;
-                       break;
+               }
+               break;
                        
                case SQLT_LBI:
                case SQLT_BIN:
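Review bot: The new `#if` in the SQLT_INT/SQLT_NUM case selects the 8-byte bind from the OCI client version alone, not from the width of the value being bound. `bind_data` points at `Z_LVAL_P(var)`, so on a build where that lval is a 4-byte long (32-bit targets, and presumably LLP64 Windows on this branch) with a client newer than 10, `value_sz = sizeof(ub8)` declares four more bytes than the storage has; OCI could then read past the lval on IN binds and write past it on OUT binds. Taking the size from the storage itself, `value_sz = sizeof(Z_LVAL_P(var));`, or adding `&& SIZEOF_LONG == 8` to the condition, keeps the two in step. The body of php_oci_bind_by_name continues outside the hunk, so how bind_data and value_sz are handed to OCI is not visible here.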
diff --git a/ext/oci8/tests/bug68298.phpt b/ext/oci8/tests/bug68298.phpt
new file mode 100644 (file)
index 0000000..223faa5
--- /dev/null
@@ -0,0 +1,51 @@
+--TEST--
+Bug #68298 (OCI int overflow)
+--SKIPIF--
+<?php
+if (!extension_loaded('oci8')) die ("skip no oci8 extension");
+if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platforms only");
+?>
+--FILE--
+<?php
+
+require(dirname(__FILE__).'/connect.inc');
+
+$stmtarray = array(
+       "DROP TABLE BUG68298", 
+       "CREATE TABLE BUG68298 (COL1 NUMBER(20))"
+);
+
+oci8_test_sql_execute($c, $stmtarray);
+
+$s = oci_parse($c, "INSERT INTO BUG68298 VALUES (:INTVALUE)");
+$intvalue = 1152921504606846975;
+oci_bind_by_name($s, ":INTVALUE", $intvalue, -1, SQLT_INT);
+oci_execute($s);
+
+$s = oci_parse($c, "INSERT INTO BUG68298 VALUES (:INTVALUE)");
+$intvalue = -1152921504606846975;
+oci_bind_by_name($s, ":INTVALUE", $intvalue, -1, SQLT_INT);
+oci_execute($s);
+
+
+$s = oci_parse($c, "SELECT COL1 FROM BUG68298");
+oci_execute($s);
+oci_fetch_all($s, $r);
+var_dump($r);
+
+$stmtarray = array("DROP TABLE BUG68298");
+oci8_test_sql_execute($c, $stmtarray);
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+array(1) {
+  ["COL1"]=>
+  array(2) {
+    [0]=>
+    string(19) "1152921504606846975"
+    [1]=>
+    string(20) "-1152921504606846975"
+  }
+}
+===DONE===
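Review bot: The test binds only ±(2^60−1) as IN values, so the widened bind is never checked at the edges of the integer range (`PHP_INT_MAX` and `-PHP_INT_MAX - 1`) or in the OUT direction, where the driver writes into the PHP variable. One more insert of `PHP_INT_MAX` and one OUT bind from a PL/SQL block would cover both. Separately, `SELECT COL1 FROM BUG68298` has no ordering clause, so the expected output depends on the rows coming back in insertion order; `SELECT COL1 FROM BUG68298 ORDER BY COL1 DESC` would pin it. The SKIPIF also restricts the test to 64-bit builds, so the changed bind size is not exercised on 32-bit builds by this file.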