- MFH: Fixed memory corruption in pg_copy_from() in case the as_null parameter

  was passed. (Derick)

diff --git a/NEWS b/NEWS
index 019f8641cfede7c968af01a3f9b00c4c792f91bc..f1886eaf316c20ea20b5c35156daf17f6048e36a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,12 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+11 Jul 2005, Version 4.4.0
+- Fixed memory corruption in pg_copy_from() in case the as_null parameter was
+  passed. (Derick)
+- Fixed bug #30052 (Crash on shutdown after odbc_pconnect()). (Edin)
+
 01 Jul 2005, Version 4.4.0 RC2
 - Fixed bug #31213 (Sideeffects caused by fix of bug #29493). (Dmitry)
-- Fixed bug #30052 (Crash on shutdown after odbc_pconnect()). (Edin)
 - Fixed bug #28377 (debug_backtrace is intermittently passing args). (Dmitry)
 
 13 Jun 2005, Version 4.4.0 RC1

diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 41a50ea40f3900e3cf952e273c14db3e426632ca..4d33a1abdd67d82b64e6aef1a68a0ab4b2e0279c 100644 (file)
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2607,6 +2607,7 @@ PHP_FUNCTION(pg_copy_from)
        zval **tmp;
        char *table_name, *pg_delim = NULL, *pg_null_as = NULL;
        int  table_name_len, pg_delim_len, pg_null_as_len;
+       int  pg_null_as_free = 0;
        char *query;
        char *query_template = "COPY \"\" FROM STDIN DELIMITERS ':' WITH NULL AS ''";
        HashPosition pos;
@@ -2626,6 +2627,7 @@ PHP_FUNCTION(pg_copy_from)
        }
        if (!pg_null_as) {
                pg_null_as = safe_estrdup("\\\\N");
+               pg_null_as_free = 1;
        }
 
        ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
@@ -2638,7 +2640,9 @@ PHP_FUNCTION(pg_copy_from)
        }
        pgsql_result = PQexec(pgsql, query);
 
-       efree(pg_null_as);
+       if (pg_null_as_free) {
+               efree(pg_null_as);
+       }
        efree(query);
 
        if (pgsql_result) {